Initial plan

Merge pull request #21796 from mattcosta7/patch-1
Add UseMemoDirective and UseNoMemoDirective classes
2026-06-12 08:21:09 +02:00 · 2026-06-11 22:22:51 +00:00 · 2026-06-11 23:01:29 +02:00 · 2026-06-11 15:19:58 -04:00 · 2026-06-11 15:11:51 +02:00 · 2026-06-11 13:27:06 +01:00
280 changed files with 13066 additions and 2094 deletions
--- a/cpp/downgrades/0853f43dc8c08deecb473c54a2b70da8597f1ab5/old.dbscheme
+++ b/cpp/downgrades/0853f43dc8c08deecb473c54a2b70da8597f1ab5/old.dbscheme
--- a/cpp/downgrades/0853f43dc8c08deecb473c54a2b70da8597f1ab5/semmlecode.cpp.dbscheme
+++ b/cpp/downgrades/0853f43dc8c08deecb473c54a2b70da8597f1ab5/semmlecode.cpp.dbscheme
--- a/cpp/downgrades/0853f43dc8c08deecb473c54a2b70da8597f1ab5/upgrade.properties
+++ b/cpp/downgrades/0853f43dc8c08deecb473c54a2b70da8597f1ab5/upgrade.properties
@@ -0,0 +1,2 @@
+description: Fix NameQualifier inconsistency
+compatibility: full
--- a/cpp/ql/lib/semmle/code/cpp/Type.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Type.qll
@@ -1071,7 +1071,7 @@ class NullPointerType extends BuiltInType {
 * const float fa[40];
 * ```
 */
-class DerivedType extends Type, @derivedtype {
+class DerivedType extends Type, NameQualifyingElement, @derivedtype {
  override string toString() { result = this.getName() }

  override string getName() { derivedtypes(underlyingElement(this), result, _, _) }
--- a/cpp/ql/lib/semmlecode.cpp.dbscheme
+++ b/cpp/ql/lib/semmlecode.cpp.dbscheme
@@ -1430,7 +1430,8 @@ specialnamequalifyingelements(
@namequalifyingelement = @namespace
                       | @specialnamequalifyingelement
                       | @usertype
-                       | @decltype;
+                       | @decltype
+                       | @derivedtype;

 namequalifiers(
    unique int id: @namequalifier,
--- a/cpp/ql/lib/upgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/old.dbscheme
+++ b/cpp/ql/lib/upgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/old.dbscheme
--- a/cpp/ql/lib/upgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/semmlecode.cpp.dbscheme
+++ b/cpp/ql/lib/upgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/semmlecode.cpp.dbscheme
--- a/cpp/ql/lib/upgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/upgrade.properties
+++ b/cpp/ql/lib/upgrades/ef8d209a22e27413aaaeff4446f0ecb9fa2c227b/upgrade.properties
@@ -0,0 +1,2 @@
+description: Fix NameQualifier inconsistency
+compatibility: full
--- a/cpp/ql/test/library-tests/name_qualifiers/NameQualifiers1.expected
+++ b/cpp/ql/test/library-tests/name_qualifiers/NameQualifiers1.expected
@@ -1,3 +1,7 @@
+| inconsistency2.cpp:3:3:3:5 | T:: | inconsistency2.cpp:3:3:3:6 | x | inconsistency2.cpp:2:20:2:20 | T |
+| inconsistency2.cpp:3:3:3:11 | const s:: | inconsistency2.cpp:3:3:3:6 | x | file://:0:0:0:0 | const s |
+| inconsistency.cpp:7:20:7:22 | S:: | inconsistency.cpp:7:20:7:23 | (int)... | inconsistency.cpp:4:8:4:8 | S |
+| inconsistency.cpp:7:20:7:22 | S:: | inconsistency.cpp:7:20:7:23 | A | inconsistency.cpp:4:8:4:8 | S |
 | name_qualifiers.cpp:29:7:29:8 | :: | name_qualifiers.cpp:29:7:29:9 | x | file://:0:0:0:0 | (global namespace) |
 | name_qualifiers.cpp:31:7:31:10 | N1:: | name_qualifiers.cpp:31:7:31:12 | nx | name_qualifiers.cpp:4:11:4:12 | N1 |
 | name_qualifiers.cpp:34:7:34:8 | :: | name_qualifiers.cpp:34:9:34:12 | N1:: | file://:0:0:0:0 | (global namespace) |
--- a/cpp/ql/test/library-tests/name_qualifiers/NameQualifiers1.ql
+++ b/cpp/ql/test/library-tests/name_qualifiers/NameQualifiers1.ql
@@ -1,7 +1,5 @@
 import cpp

 from NameQualifier nq, Location l
-where
-  l = nq.getQualifiedElement().getLocation() and
-  l.getFile().getShortName() = "name_qualifiers"
+where l = nq.getQualifiedElement().getLocation()
 select nq, nq.getQualifiedElement(), nq.getQualifyingElement()
--- a/cpp/ql/test/library-tests/name_qualifiers/inconsistency.cpp
+++ b/cpp/ql/test/library-tests/name_qualifiers/inconsistency.cpp
@@ -1,8 +1,8 @@
 // This file is present to test whether name-qualifying an enum constant leads to a database inconsistency.
-// As such, there is no QL part of the test.
+

 struct S { enum E { A }; };

-static int f() {
+static void f() {
  switch(0) { case S::A: break; }
 }
--- a/cpp/ql/test/library-tests/name_qualifiers/inconsistency2.cpp
+++ b/cpp/ql/test/library-tests/name_qualifiers/inconsistency2.cpp
@@ -0,0 +1,12 @@
+namespace {
+template <typename T> T f() {
+  T::x;
+  return {};
+}
+struct s {
+  static int x;
+};
+struct t {
+  s x = f<const s>();
+};
+}
--- a/go/ql/lib/change-notes/2026-03-23-use-shared-ssa.md
+++ b/go/ql/lib/change-notes/2026-03-23-use-shared-ssa.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The Go SSA library now uses the shared SSA library (`codeql.ssa.Ssa`), consistent with other CodeQL languages such as C#, Java, Ruby, Rust, and Swift. This may result in minor changes to SSA construction in some edge cases.
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -10,7 +10,6 @@ dependencies:
  codeql/controlflow: ${workspace}
  codeql/dataflow: ${workspace}
  codeql/mad: ${workspace}
-  codeql/ssa: ${workspace}
  codeql/threat-models: ${workspace}
  codeql/tutorial: ${workspace}
  codeql/util: ${workspace}
--- a/go/ql/lib/semmle/go/controlflow/BasicBlocks.qll
+++ b/go/ql/lib/semmle/go/controlflow/BasicBlocks.qll
@@ -48,17 +48,6 @@ class BasicBlock = BbImpl::BasicBlock;

 class EntryBasicBlock = BbImpl::EntryBasicBlock;

-/** Provides a `CfgSig` view of Go's control-flow graph for use with the shared SSA library. */
-module Cfg implements BB::CfgSig<Location> {
-  class ControlFlowNode = BbImpl::ControlFlowNode;
-
-  class BasicBlock = BbImpl::BasicBlock;
-
-  class EntryBasicBlock = BbImpl::EntryBasicBlock;
-
-  predicate dominatingEdge = BbImpl::dominatingEdge/2;
-}
-
 cached
 private predicate reachableBB(BasicBlock bb) {
  bb instanceof EntryBasicBlock
--- a/go/ql/lib/semmle/go/dataflow/SSA.qll
+++ b/go/ql/lib/semmle/go/dataflow/SSA.qll
@@ -63,7 +63,10 @@ private predicate unresolvedIdentifier(Ident id, string name) {
 /**
 * An SSA variable.
 */
-class SsaVariable extends Definition {
+class SsaVariable extends TSsaDefinition {
+  /** Gets the source variable corresponding to this SSA variable. */
+  SsaSourceVariable getSourceVariable() { result = this.(SsaDefinition).getSourceVariable() }
+
  /** Gets the (unique) definition of this SSA variable. */
  SsaDefinition getDefinition() { result = this }

@@ -71,17 +74,22 @@ class SsaVariable extends Definition {
  Type getType() { result = this.getSourceVariable().getType() }

  /** Gets a use in basic block `bb` that refers to this SSA variable. */
-  IR::Instruction getAUseIn(BasicBlock bb) {
+  IR::Instruction getAUseIn(ReachableBasicBlock bb) {
    exists(int i, SsaSourceVariable v | v = this.getSourceVariable() |
      result = bb.getNode(i) and
-      ssaDefReachesRead(v, this, bb, i) and
-      useAt(bb, i, v)
+      this = getDefinition(bb, i, v)
    )
  }

  /** Gets a use that refers to this SSA variable. */
  IR::Instruction getAUse() { result = this.getAUseIn(_) }

+  /** Gets a textual representation of this element. */
+  string toString() { result = this.getDefinition().prettyPrintRef() }
+
+  /** Gets the location of this SSA variable. */
+  Location getLocation() { result = this.getDefinition().getLocation() }
+
  /**
   * DEPRECATED: Use `getLocation()` instead.
   *
@@ -101,20 +109,50 @@ class SsaVariable extends Definition {
 /**
 * An SSA definition.
 */
-class SsaDefinition extends Definition {
+class SsaDefinition extends TSsaDefinition {
  /** Gets the SSA variable defined by this definition. */
  SsaVariable getVariable() { result = this }

-  /** Gets the innermost function or file to which this SSA definition belongs. */
-  ControlFlow::Root getRoot() { result = this.getBasicBlock().getScope() }
+  /** Gets the source variable defined by this definition. */
+  abstract SsaSourceVariable getSourceVariable();
+
+  /**
+   * Gets the basic block to which this definition belongs.
+   */
+  abstract ReachableBasicBlock getBasicBlock();
+
+  /**
+   * INTERNAL: Use `getBasicBlock()` and `getSourceVariable()` instead.
+   *
+   * Holds if this is a definition of source variable `v` at index `idx` in basic block `bb`.
+   *
+   * Phi nodes are considered to be at index `-1`, all other definitions at the index of
+   * the control flow node they correspond to.
+   */
+  abstract predicate definesAt(ReachableBasicBlock bb, int idx, SsaSourceVariable v);
+
+  /**
+   * INTERNAL: Use `toString()` instead.
+   *
+   * Gets a pretty-printed representation of this SSA definition.
+   */
+  abstract string prettyPrintDef();

  /**
   * INTERNAL: Do not use.
   *
-   * Gets a short string identifying the kind of this SSA definition,
-   * used in reference formatting (e.g., `"def"`, `"capture"`, `"phi"`).
+   * Gets a pretty-printed representation of a reference to this SSA definition.
   */
-  string getKind() { none() }
+  abstract string prettyPrintRef();
+
+  /** Gets the innermost function or file to which this SSA definition belongs. */
+  ControlFlow::Root getRoot() { result = this.getBasicBlock().getScope() }
+
+  /** Gets a textual representation of this element. */
+  string toString() { result = this.prettyPrintDef() }
+
+  /** Gets the source location for this element. */
+  abstract Location getLocation();

  /**
   * DEPRECATED: Use `getLocation()` instead.
@@ -142,23 +180,32 @@ class SsaDefinition extends Definition {
 /**
 * An SSA definition that corresponds to an explicit assignment or other variable definition.
 */
-class SsaExplicitDefinition extends SsaDefinition, WriteDefinition {
-  SsaExplicitDefinition() {
-    exists(BasicBlock bb, int i, SsaSourceVariable v |
-      this.definesAt(v, bb, i) and
-      defAt(bb, i, v)
-    )
-  }
-
+class SsaExplicitDefinition extends SsaDefinition, TExplicitDef {
  /** Gets the instruction where the definition happens. */
  IR::Instruction getInstruction() {
-    exists(BasicBlock bb, int i | this.definesAt(_, bb, i) | result = bb.getNode(i))
+    exists(BasicBlock bb, int i | this = TExplicitDef(bb, i, _) | result = bb.getNode(i))
  }

  /** Gets the right-hand side of the definition. */
  IR::Instruction getRhs() { this.getInstruction().writes(_, result) }

-  override string getKind() { result = "def" }
+  override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+    this = TExplicitDef(bb, i, v)
+  }
+
+  override ReachableBasicBlock getBasicBlock() { this.definesAt(result, _, _) }
+
+  override SsaSourceVariable getSourceVariable() { this = TExplicitDef(_, _, result) }
+
+  override string prettyPrintRef() {
+    exists(Location loc | loc = this.getLocation() |
+      result = "def@" + loc.getStartLine() + ":" + loc.getStartColumn()
+    )
+  }
+
+  override string prettyPrintDef() { result = "definition of " + this.getSourceVariable() }
+
+  override Location getLocation() { result = this.getInstruction().getLocation() }
 }

 /** Provides a helper predicate for working with explicit SSA definitions. */
@@ -172,7 +219,22 @@ module SsaExplicitDefinition {
 /**
 * An SSA definition that does not correspond to an explicit variable definition.
 */
-abstract class SsaImplicitDefinition extends SsaDefinition { }
+abstract class SsaImplicitDefinition extends SsaDefinition {
+  /**
+   * INTERNAL: Do not use.
+   *
+   * Gets the definition kind to include in `prettyPrintRef`.
+   */
+  abstract string getKind();
+
+  override string prettyPrintRef() {
+    exists(Location loc | loc = this.getLocation() |
+      result = this.getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn()
+    )
+  }
+
+  override Location getLocation() { result = this.getBasicBlock().getLocation() }
+}

 /**
 * An SSA definition representing the capturing of an SSA-convertible variable
@@ -181,8 +243,24 @@ abstract class SsaImplicitDefinition extends SsaDefinition { }
 * Capturing definitions appear at the beginning of such functions, as well as
 * at any function call that may affect the value of the variable.
 */
-class SsaVariableCapture extends SsaImplicitDefinition, UncertainWriteDefinition {
+class SsaVariableCapture extends SsaImplicitDefinition, TCapture {
+  override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+    this = TCapture(bb, i, v)
+  }
+
+  override ReachableBasicBlock getBasicBlock() { this.definesAt(result, _, _) }
+
+  override SsaSourceVariable getSourceVariable() { this.definesAt(_, _, result) }
+
  override string getKind() { result = "capture" }
+
+  override string prettyPrintDef() { result = "capture variable " + this.getSourceVariable() }
+
+  override Location getLocation() {
+    exists(ReachableBasicBlock bb, int i | this.definesAt(bb, i, _) |
+      result = bb.getNode(i).getLocation()
+    )
+  }
 }

 /**
@@ -199,10 +277,7 @@ abstract class SsaPseudoDefinition extends SsaImplicitDefinition {
   * Gets a textual representation of the inputs of this pseudo-definition
   * in lexicographical order.
   */
-  string ppInputs() {
-    result =
-      concat(SsaVariable inp | inp = this.getAnInput() | inp.toString() order by inp.toString())
-  }
+  string ppInputs() { result = concat(this.getAnInput().getDefinition().prettyPrintRef(), ", ") }
 }

 /**
@@ -210,10 +285,26 @@ abstract class SsaPseudoDefinition extends SsaImplicitDefinition {
 * in the flow graph where otherwise two or more definitions for the variable
 * would be visible.
 */
-class SsaPhiNode extends SsaPseudoDefinition, PhiNode {
-  override SsaVariable getAnInput() { phiHasInputFromBlock(this, result, _) }
+class SsaPhiNode extends SsaPseudoDefinition, TPhi {
+  override SsaVariable getAnInput() {
+    result = getDefReachingEndOf(this.getBasicBlock().getAPredecessor(_), this.getSourceVariable())
+  }
+
+  override predicate definesAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+    bb = this.getBasicBlock() and v = this.getSourceVariable() and i = -1
+  }
+
+  override ReachableBasicBlock getBasicBlock() { this = TPhi(result, _) }
+
+  override SsaSourceVariable getSourceVariable() { this = TPhi(_, result) }

  override string getKind() { result = "phi" }
+
+  override string prettyPrintDef() {
+    result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")"
+  }
+
+  override Location getLocation() { result = this.getBasicBlock().getLocation() }
 }

 /**
--- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll
+++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll
@@ -7,25 +7,76 @@ overlay[local]
 module;

 import go
-private import codeql.ssa.Ssa as SsaImplCommon
-private import semmle.go.controlflow.BasicBlocks as BasicBlocks
-
-private class BasicBlock = BasicBlocks::BasicBlock;

 cached
 private module Internal {
  /** Holds if the `i`th node of `bb` defines `v`. */
  cached
-  predicate defAt(BasicBlock bb, int i, SsaSourceVariable v) {
+  predicate defAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
    bb.getNode(i).(IR::Instruction).writes(v, _)
  }

  /** Holds if the `i`th node of `bb` reads `v`. */
  cached
-  predicate useAt(BasicBlock bb, int i, SsaSourceVariable v) {
+  predicate useAt(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
    bb.getNode(i).(IR::Instruction).reads(v)
  }

+  /**
+   * A data type representing SSA definitions.
+   *
+   * We distinguish three kinds of SSA definitions:
+   *
+   *   1. Variable definitions, including declarations, assignments and increments/decrements.
+   *   2. Pseudo-definitions for captured variables at the beginning of the capturing function
+   *      as well as after calls.
+   *   3. Phi nodes.
+   *
+   * SSA definitions are only introduced where necessary. In particular,
+   * unreachable code has no SSA definitions associated with it, and neither
+   * have dead assignments (that is, assignments whose value is never read).
+   */
+  cached
+  newtype TSsaDefinition =
+    /**
+     * An SSA definition that corresponds to an explicit assignment or other variable definition.
+     */
+    TExplicitDef(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+      defAt(bb, i, v) and
+      (liveAfterDef(bb, i, v) or v.isCaptured())
+    } or
+    /**
+     * An SSA definition representing the capturing of an SSA-convertible variable
+     * in the closure of a nested function.
+     *
+     * Capturing definitions appear at the beginning of such functions, as well as
+     * at any function call that may affect the value of the variable.
+     */
+    TCapture(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+      mayCapture(bb, i, v) and
+      liveAfterDef(bb, i, v)
+    } or
+    /**
+     * An SSA phi node, that is, a pseudo-definition for a variable at a point
+     * in the flow graph where otherwise two or more definitions for the variable
+     * would be visible.
+     */
+    TPhi(ReachableJoinBlock bb, SsaSourceVariable v) {
+      liveAtEntry(bb, v) and
+      inDefDominanceFrontier(bb, v)
+    }
+
+  /**
+   * Holds if `bb` is in the dominance frontier of a block containing a definition of `v`.
+   */
+  pragma[noinline]
+  private predicate inDefDominanceFrontier(ReachableJoinBlock bb, SsaSourceVariable v) {
+    exists(ReachableBasicBlock defbb, SsaDefinition def |
+      def.definesAt(defbb, _, v) and
+      defbb.inDominanceFrontier(bb)
+    )
+  }
+
  /**
   * Holds if `v` is a captured variable which is declared in `declFun` and read in `useFun`.
   */
@@ -36,7 +87,7 @@ private module Internal {
  }

  /** Holds if the `i`th node of `bb` in function `f` is an entry node. */
-  private predicate entryNode(FuncDef f, BasicBlock bb, int i) {
+  private predicate entryNode(FuncDef f, ReachableBasicBlock bb, int i) {
    f = bb.getScope() and
    bb.getNode(i).isEntryNode()
  }
@@ -44,17 +95,17 @@ private module Internal {
  /**
   * Holds if the `i`th node of `bb` in function `f` is a function call.
   */
-  private predicate callNode(FuncDef f, BasicBlock bb, int i) {
+  private predicate callNode(FuncDef f, ReachableBasicBlock bb, int i) {
    f = bb.getScope() and
    bb.getNode(i).(IR::EvalInstruction).getExpr() instanceof CallExpr
  }

  /**
   * Holds if the `i`th node of basic block `bb` may induce a pseudo-definition for
-   * modeling updates to captured variable `v`.
+   * modeling updates to captured variable `v`. Whether the definition is actually
+   * introduced depends on whether `v` is live at this point in the program.
   */
-  cached
-  predicate mayCapture(BasicBlock bb, int i, SsaSourceVariable v) {
+  private predicate mayCapture(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
    exists(FuncDef capturingContainer, FuncDef declContainer |
      // capture initial value of variable declared in enclosing scope
      readsCapturedVar(capturingContainer, v, declContainer) and
@@ -68,134 +119,347 @@ private module Internal {
    )
  }

+  /** A classification of variable references into reads and writes. */
+  private newtype RefKind =
+    ReadRef() or
+    WriteRef()
+
+  /**
+   * Holds if the `i`th node of basic block `bb` is a reference to `v`, either a read
+   * (when `tp` is `ReadRef()`) or a direct or indirect write (when `tp` is `WriteRef()`).
+   */
+  private predicate ref(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind tp) {
+    useAt(bb, i, v) and tp = ReadRef()
+    or
+    (mayCapture(bb, i, v) or defAt(bb, i, v)) and
+    tp = WriteRef()
+  }
+
+  /**
+   * Gets the (1-based) rank of the reference to `v` at the `i`th node of basic block `bb`,
+   * which has the given reference kind `tp`.
+   */
+  private int refRank(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind tp) {
+    i = rank[result](int j | ref(bb, j, v, _)) and
+    ref(bb, i, v, tp)
+  }
+
+  /**
+   * Gets the maximum rank among all references to `v` in basic block `bb`.
+   */
+  private int maxRefRank(ReachableBasicBlock bb, SsaSourceVariable v) {
+    result = max(refRank(bb, _, v, _))
+  }
+
+  /**
+   * Holds if variable `v` is live after the `i`th node of basic block `bb`, where
+   * `i` is the index of a node that may assign or capture `v`.
+   *
+   * For the purposes of this predicate, function calls are considered as writes of captured variables.
+   */
+  private predicate liveAfterDef(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+    exists(int r | r = refRank(bb, i, v, WriteRef()) |
+      // the next reference to `v` inside `bb` is a read
+      r + 1 = refRank(bb, _, v, ReadRef())
+      or
+      // this is the last reference to `v` inside `bb`, but `v` is live at entry
+      // to a successor basic block of `bb`
+      r = maxRefRank(bb, v) and
+      liveAtSuccEntry(bb, v)
+    )
+  }
+
+  /**
+   * Holds if variable `v` is live at the beginning of basic block `bb`.
+   *
+   * For the purposes of this predicate, function calls are considered as writes of captured variables.
+   */
+  private predicate liveAtEntry(ReachableBasicBlock bb, SsaSourceVariable v) {
+    // the first reference to `v` inside `bb` is a read
+    refRank(bb, _, v, ReadRef()) = 1
+    or
+    // there is no reference to `v` inside `bb`, but `v` is live at entry
+    // to a successor basic block of `bb`
+    not exists(refRank(bb, _, v, _)) and
+    liveAtSuccEntry(bb, v)
+  }
+
+  /**
+   * Holds if `v` is live at the beginning of any successor of basic block `bb`.
+   */
+  private predicate liveAtSuccEntry(ReachableBasicBlock bb, SsaSourceVariable v) {
+    liveAtEntry(bb.getASuccessor(_), v)
+  }
+
  /**
   * Holds if `v` is assigned outside its declaring function.
   */
-  cached
-  predicate assignedThroughClosure(SsaSourceVariable v) {
+  private predicate assignedThroughClosure(SsaSourceVariable v) {
    any(IR::Instruction def | def.writes(v, _)).getRoot() != v.getDeclaringFunction()
  }

-  /** SSA input. */
-  cached
-  module SsaInput implements SsaImplCommon::InputSig<Location, BasicBlock> {
-    class SourceVariable = SsaSourceVariable;
+  /**
+   * Holds if the `i`th node of `bb` is a use or an SSA definition of variable `v`, with
+   * `k` indicating whether it is the former or the latter.
+   *
+   * Note this includes phi nodes, whereas `ref` above only includes explicit writes and captures.
+   */
+  private predicate ssaRef(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) {
+    useAt(bb, i, v) and k = ReadRef()
+    or
+    any(SsaDefinition def).definesAt(bb, i, v) and k = WriteRef()
+  }

-    /**
-     * Holds if the `i`th node of basic block `bb` is a (potential) write to source
-     * variable `v`. The Boolean `certain` indicates whether the write is certain.
-     *
-     * Certain writes are explicit definitions; uncertain writes are captures.
-     */
-    cached
-    predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) {
-      defAt(bb, i, v) and certain = true
+  /**
+   * Gets the (1-based) rank of the `i`th node of `bb` among all SSA definitions
+   * and uses of `v` in `bb`, with `k` indicating whether it is a definition or a use.
+   *
+   * For example, if `bb` is a basic block with a phi node for `v` (considered
+   * to be at index -1), uses `v` at node 2 and defines it at node 5, we have:
+   *
+   * ```
+   * ssaRefRank(bb, -1, v, WriteRef()) = 1    // phi node
+   * ssaRefRank(bb,  2, v, ReadRef())  = 2    // use at node 2
+   * ssaRefRank(bb,  5, v, WriteRef()) = 3    // definition at node 5
+   * ```
+   */
+  private int ssaRefRank(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) {
+    i = rank[result](int j | ssaRef(bb, j, v, _)) and
+    ssaRef(bb, i, v, k)
+  }
+
+  /**
+   * Gets the minimum rank of a read in `bb` such that all references to `v` between that
+   * read and the read at index `i` are reads (and not writes).
+   */
+  private int rewindReads(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+    exists(int r | r = ssaRefRank(bb, i, v, ReadRef()) |
+      exists(int j, RefKind k | r - 1 = ssaRefRank(bb, j, v, k) |
+        k = ReadRef() and result = rewindReads(bb, j, v)
+        or
+        k = WriteRef() and result = r
+      )
      or
-      mayCapture(bb, i, v) and certain = false
+      r = 1 and result = r
+    )
+  }
+
+  /**
+   * Gets the SSA definition of `v` in `bb` that reaches the read of `v` at node `i`, if any.
+   */
+  private SsaDefinition getLocalDefinition(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+    exists(int r | r = rewindReads(bb, i, v) |
+      exists(int j | result.definesAt(bb, j, v) and ssaRefRank(bb, j, v, _) = r - 1)
+    )
+  }
+
+  /**
+   * Gets an SSA definition of `v` that reaches the end of the immediate dominator of `bb`.
+   */
+  pragma[noinline]
+  private SsaDefinition getDefReachingEndOfImmediateDominator(
+    ReachableBasicBlock bb, SsaSourceVariable v
+  ) {
+    result = getDefReachingEndOf(bb.getImmediateDominator(), v)
+  }
+
+  /**
+   * Gets an SSA definition of `v` that reaches the end of basic block `bb`.
+   */
+  cached
+  SsaDefinition getDefReachingEndOf(ReachableBasicBlock bb, SsaSourceVariable v) {
+    exists(int lastRef | lastRef = max(int i | ssaRef(bb, i, v, _)) |
+      result = getLocalDefinition(bb, lastRef, v)
+      or
+      result.definesAt(bb, lastRef, v) and
+      liveAtSuccEntry(bb, v)
+    )
+    or
+    // In SSA form, the (unique) reaching definition of a use is the closest
+    // definition that dominates the use. If two definitions dominate a node
+    // then one must dominate the other, so we can find the reaching definition
+    // by following the idominance relation backwards.
+    result = getDefReachingEndOfImmediateDominator(bb, v) and
+    not exists(SsaDefinition ssa | ssa.definesAt(bb, _, v)) and
+    liveAtSuccEntry(bb, v)
+  }
+
+  /**
+   * Gets the unique SSA definition of `v` whose value reaches the `i`th node of `bb`,
+   * which is a use of `v`.
+   */
+  cached
+  SsaDefinition getDefinition(ReachableBasicBlock bb, int i, SsaSourceVariable v) {
+    result = getLocalDefinition(bb, i, v)
+    or
+    rewindReads(bb, i, v) = 1 and result = getDefReachingEndOf(bb.getImmediateDominator(), v)
+  }
+
+  private module AdjacentUsesImpl {
+    /** Holds if `v` is defined or used in `b`. */
+    private predicate varOccursInBlock(SsaSourceVariable v, ReachableBasicBlock b) {
+      ssaRef(b, _, v, _)
+    }
+
+    /** Holds if `v` occurs in `b` or one of `b`'s transitive successors. */
+    private predicate blockPrecedesVar(SsaSourceVariable v, ReachableBasicBlock b) {
+      varOccursInBlock(v, b)
+      or
+      exists(getDefReachingEndOf(b, v))
    }

    /**
-     * Holds if the `i`th node of basic block `bb` reads source variable `v`.
+     * Holds if `v` occurs in `b1` and `b2` is one of `b1`'s successors.
     *
-     * We add a synthetic uncertain read at the exit node of every function
-     * that references a captured variable `v`. This ensures that definitions
-     * of captured variables are included in the SSA graph even when the
-     * variable is not locally read in that function scope (but may be read
-     * by another function sharing the same closure).
+     * Factored out of `varBlockReaches` to force join order compared to the larger
+     * set `blockPrecedesVar(v, b2)`.
     */
-    cached
-    predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) {
-      useAt(bb, i, v) and certain = true
+    pragma[noinline]
+    private predicate varBlockReachesBaseCand(
+      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
+    ) {
+      varOccursInBlock(v, b1) and
+      b2 = b1.getASuccessor(_)
+    }
+
+    /**
+     * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
+     * in `b2` or one of its transitive successors but not in any block on the path
+     * between `b1` and `b2`. Unlike `varBlockReaches` this may include blocks `b2`
+     * where `v` is dead.
+     *
+     * Factored out of `varBlockReaches` to force join order compared to the larger
+     * set `blockPrecedesVar(v, b2)`.
+     */
+    pragma[noinline]
+    private predicate varBlockReachesRecCand(
+      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock mid, ReachableBasicBlock b2
+    ) {
+      varBlockReaches(v, b1, mid) and
+      not varOccursInBlock(v, mid) and
+      b2 = mid.getASuccessor(_)
+    }
+
+    /**
+     * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
+     * in `b2` or one of its transitive successors but not in any block on the path
+     * between `b1` and `b2`.
+     */
+    private predicate varBlockReaches(
+      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
+    ) {
+      varBlockReachesBaseCand(v, b1, b2) and
+      blockPrecedesVar(v, b2)
      or
-      v.isCaptured() and
-      exists(FuncDef f |
-        f = bb.getScope() and
-        bb.getLastNode().isExitNode() and
-        i = bb.length() - 1 and
-        certain = false
-      |
-        // The declaring function: captures may be read after calls to closures
-        f = v.getDeclaringFunction()
-        or
-        // Any function that writes `v`: the write may be observed by the
-        // declaring function or another closure sharing the same variable
-        any(IR::Instruction def | def.writes(v, _)).getRoot() = f
+      varBlockReachesRecCand(v, b1, _, b2) and
+      blockPrecedesVar(v, b2)
+    }
+
+    /**
+     * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
+     * `b2` but not in any block on the path between `b1` and `b2`.
+     */
+    private predicate varBlockStep(
+      SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
+    ) {
+      varBlockReaches(v, b1, b2) and
+      varOccursInBlock(v, b2)
+    }
+
+    /**
+     * Gets the maximum rank among all SSA references to `v` in basic block `bb`.
+     */
+    private int maxSsaRefRank(ReachableBasicBlock bb, SsaSourceVariable v) {
+      result = max(ssaRefRank(bb, _, v, _))
+    }
+
+    /**
+     * Holds if `v` occurs at index `i1` in `b1` and at index `i2` in `b2` and
+     * there is a path between them without any occurrence of `v`.
+     */
+    pragma[nomagic]
+    predicate adjacentVarRefs(
+      SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2
+    ) {
+      exists(int rankix |
+        b1 = b2 and
+        ssaRefRank(b1, i1, v, _) = rankix and
+        ssaRefRank(b2, i2, v, _) = rankix + 1
+      )
+      or
+      maxSsaRefRank(b1, v) = ssaRefRank(b1, i1, v, _) and
+      varBlockStep(v, b1, b2) and
+      ssaRefRank(b2, i2, v, _) = 1
+    }
+
+    predicate variableUse(SsaSourceVariable v, IR::Instruction use, ReachableBasicBlock bb, int i) {
+      bb.getNode(i) = use and
+      exists(SsaVariable sv |
+        sv.getSourceVariable() = v and
+        use = sv.getAUse()
      )
    }
  }
+
+  private import AdjacentUsesImpl
+
+  /**
+   * Holds if the value defined at `def` can reach `use` without passing through
+   * any other uses, but possibly through phi nodes.
+   */
+  cached
+  predicate firstUse(SsaDefinition def, IR::Instruction use) {
+    exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
+      adjacentVarRefs(v, b1, i1, b2, i2) and
+      def.definesAt(b1, i1, v) and
+      variableUse(v, use, b2, i2)
+    )
+    or
+    exists(
+      SsaSourceVariable v, SsaPhiNode redef, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
+      int i2
+    |
+      adjacentVarRefs(v, b1, i1, b2, i2) and
+      def.definesAt(b1, i1, v) and
+      redef.definesAt(b2, i2, v) and
+      firstUse(redef, use)
+    )
+  }
+
+  /**
+   * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA
+   * variable, that is, the value read in `use1` can reach `use2` without passing
+   * through any other use or any SSA definition of the variable.
+   */
+  cached
+  predicate adjacentUseUseSameVar(IR::Instruction use1, IR::Instruction use2) {
+    exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
+      adjacentVarRefs(v, b1, i1, b2, i2) and
+      variableUse(v, use1, b1, i1) and
+      variableUse(v, use2, b2, i2)
+    )
+  }
+
+  /**
+   * Holds if `use1` and `use2` form an adjacent use-use-pair of the same
+   * `SsaSourceVariable`, that is, the value read in `use1` can reach `use2`
+   * without passing through any other use or any SSA definition of the variable
+   * except for phi nodes and uncertain implicit updates.
+   */
+  cached
+  predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) {
+    adjacentUseUseSameVar(use1, use2)
+    or
+    exists(
+      SsaSourceVariable v, SsaPhiNode def, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
+      int i2
+    |
+      adjacentVarRefs(v, b1, i1, b2, i2) and
+      variableUse(v, use1, b1, i1) and
+      def.definesAt(b2, i2, v) and
+      firstUse(def, use2)
+    )
+  }
 }

 import Internal
-import SsaImplCommon::Make<Location, BasicBlocks::Cfg, SsaInput> as Impl
-
-final class Definition = Impl::Definition;
-
-final class WriteDefinition = Impl::WriteDefinition;
-
-final class UncertainWriteDefinition = Impl::UncertainWriteDefinition;
-
-final class PhiNode = Impl::PhiNode;
-
-module Consistency = Impl::Consistency;
-
-/**
- * NB: This predicate should be cached.
- *
- * Holds if the SSA definition of `v` at `def` reaches a read at index `i` in
- * basic block `bb`.
- */
-cached
-predicate ssaDefReachesRead(SsaSourceVariable v, Definition def, BasicBlock bb, int i) {
-  Impl::ssaDefReachesRead(v, def, bb, i)
-}
-
-/**
- * NB: This predicate should be cached.
- *
- * Holds if the SSA definition of `v` at `def` reaches the end of basic block `bb`.
- */
-cached
-predicate ssaDefReachesEndOfBlock(BasicBlock bb, Definition def, SsaSourceVariable v) {
-  Impl::ssaDefReachesEndOfBlock(bb, def, v)
-}
-
-/**
- * NB: This predicate should be cached.
- *
- * Holds if `inp` is an input to the phi node `phi` along the edge originating in `bb`.
- */
-cached
-predicate phiHasInputFromBlock(PhiNode phi, Definition inp, BasicBlock bb) {
-  Impl::phiHasInputFromBlock(phi, inp, bb)
-}
-
-/**
- * NB: This predicate should be cached.
- *
- * Holds if `def` reaches the first use `use` without going through any other use,
- * but possibly through phi nodes.
- */
-cached
-predicate firstUse(Definition def, IR::Instruction use) {
-  exists(BasicBlock bb, int i |
-    Impl::firstUse(def, bb, i, _) and
-    use = bb.getNode(i)
-  )
-}
-
-/**
- * NB: This predicate should be cached.
- *
- * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA
- * variable, that is, the value read in `use1` can reach `use2` without passing
- * through any other use or any SSA definition of the variable except for phi nodes
- * and uncertain implicit updates.
- */
-cached
-predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) {
-  exists(BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
-    Impl::adjacentUseUse(bb1, i1, bb2, i2, _, _) and
-    use1 = bb1.getNode(i1) and
-    use2 = bb2.getNode(i2)
-  )
-}
--- a/go/ql/src/experimental/CWE-525/WebCacheDeception.ql
+++ b/go/ql/src/experimental/CWE-525/WebCacheDeception.ql
@@ -1,4 +1,4 @@
-/*
+/**
 * @name Web Cache Deception
 * @description A caching system has been detected on the application and is vulnerable to web cache deception. By manipulating the URL it is possible to force the application to cache pages that are only accessible by an authenticated user. Once cached, these pages can be accessed by an unauthenticated user.
 * @kind problem
--- a/go/ql/test/example-tests/snippets/typeinfo.expected
+++ b/go/ql/test/example-tests/snippets/typeinfo.expected
@@ -2,7 +2,7 @@
 | file://:0:0:0:0 | [summary param] -1 in Clone |
 | file://:0:0:0:0 | [summary param] -1 in Write |
 | file://:0:0:0:0 | [summary param] -1 in WriteProxy |
-| main.go:18:12:18:14 | SSA def(req) |
 | main.go:18:12:18:14 | argument corresponding to req |
+| main.go:18:12:18:14 | definition of req |
 | main.go:20:5:20:7 | req |
 | main.go:20:5:20:7 | req [postupdate] |
--- a/go/ql/test/experimental/CWE-090/LDAPInjection.go
+++ b/go/ql/test/experimental/CWE-090/LDAPInjection.go
@@ -54,31 +54,31 @@ func main() {}
 // bad is an example of a bad implementation
 func (ld *Ldap) bad(req *http.Request) {
 	// ...
-	untrusted := req.UserAgent()
+	untrusted := req.UserAgent() // $ Source
 	goldap.NewSearchRequest(
-		untrusted, // BAD: untrusted dn
+		untrusted, // $ Alert // BAD: untrusted dn
 		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=organizationalPerson))"+untrusted, // BAD: untrusted filter
-		[]string{"dn", "cn", untrusted},                   // BAD: untrusted attribute
+		"(&(objectClass=organizationalPerson))"+untrusted, // $ Alert // BAD: untrusted filter
+		[]string{"dn", "cn", untrusted},                   // $ Alert // BAD: untrusted attribute
 		nil,
 	)
 	goldapv3.NewSearchRequest(
-		untrusted, // BAD: untrusted dn
+		untrusted, // $ Alert // BAD: untrusted dn
 		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=organizationalPerson))"+untrusted, // BAD: untrusted filter
-		[]string{"dn", "cn", untrusted},                   // BAD: untrusted attribute
+		"(&(objectClass=organizationalPerson))"+untrusted, // $ Alert // BAD: untrusted filter
+		[]string{"dn", "cn", untrusted},                   // $ Alert // BAD: untrusted attribute
 		nil,
 	)
 	gopkgldapv2.NewSearchRequest(
-		untrusted, // BAD: untrusted dn
+		untrusted, // $ Alert // BAD: untrusted dn
 		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-		"(&(objectClass=organizationalPerson))"+untrusted, // BAD: untrusted filter
-		[]string{"dn", "cn", untrusted},                   // BAD: untrusted attribute
+		"(&(objectClass=organizationalPerson))"+untrusted, // $ Alert // BAD: untrusted filter
+		[]string{"dn", "cn", untrusted},                   // $ Alert // BAD: untrusted attribute
 		nil,
 	)
 	client := &ldapclient.LDAPClient{}
-	client.Authenticate(untrusted, "123456") // BAD: untrusted filter
-	client.GetGroupsOfUser(untrusted)        // BAD: untrusted filter
+	client.Authenticate(untrusted, "123456") // $ Alert // BAD: untrusted filter
+	client.GetGroupsOfUser(untrusted)        // $ Alert // BAD: untrusted filter
 	// ...
 }

--- a/go/ql/test/experimental/CWE-090/LDAPInjection.qlref
+++ b/go/ql/test/experimental/CWE-090/LDAPInjection.qlref
@@ -1,2 +1,4 @@
 query: experimental/CWE-090/LDAPInjection.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-203/Timing.qlref
+++ b/go/ql/test/experimental/CWE-203/Timing.qlref
@@ -1,2 +1,4 @@
 query: experimental/CWE-203/Timing.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-203/timing.go
+++ b/go/ql/test/experimental/CWE-203/timing.go
@@ -12,9 +12,9 @@ func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	secret := "MySuperSecretPasscode"
 	secretHeader := "X-Secret"

-	headerSecret := req.Header.Get(secretHeader)
+	headerSecret := req.Header.Get(secretHeader) // $ Source
 	secretStr := string(secret)
-	if len(headerSecret) != 0 && headerSecret != secretStr {
+	if len(headerSecret) != 0 && headerSecret != secretStr { // $ Alert
 		return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret)
 	}
 	return nil, nil
@@ -25,9 +25,9 @@ func bad2(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	secret := "MySuperSecretPasscode"
 	secretHeader := "X-Secret"

-	headerSecret := req.Header.Get(secretHeader)
+	headerSecret := req.Header.Get(secretHeader) // $ Source
 	secretStr := string(secret)
-	if len(headerSecret) != 0 && strings.Compare(headerSecret, secretStr) != 0 {
+	if len(headerSecret) != 0 && strings.Compare(headerSecret, secretStr) != 0 { // $ Alert
 		return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret)
 	}
 	return nil, nil
@@ -38,8 +38,8 @@ func bad4(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	secret := "MySuperSecretPasscode"
 	secretHeader := "X-Secret"

-	headerSecret := req.Header.Get(secretHeader)
-	if len(secret) != 0 && headerSecret != "SecretStringLiteral" {
+	headerSecret := req.Header.Get(secretHeader)                   // $ Source
+	if len(secret) != 0 && headerSecret != "SecretStringLiteral" { // $ Alert
 		return nil, fmt.Errorf("header %s=%s did not match expected secret", secretHeader, headerSecret)
 	}
 	return nil, nil
--- a/go/ql/test/experimental/CWE-285/PamAuthBypass.qlref
+++ b/go/ql/test/experimental/CWE-285/PamAuthBypass.qlref
@@ -1 +1,2 @@
-experimental/CWE-285/PamAuthBypass.ql
+query: experimental/CWE-285/PamAuthBypass.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-285/main.go
+++ b/go/ql/test/experimental/CWE-285/main.go
@@ -9,7 +9,7 @@ import (
 func bad() error {
 	t, _ := pam.StartFunc("", "", func(s pam.Style, msg string) (string, error) {
 		return "", nil
-	})
+	}) // $ Alert
 	return t.Authenticate(0)

 }
--- a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.go
+++ b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.go
@@ -15,7 +15,7 @@ func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	ldapServer := "ldap.example.com"
 	ldapPort := 389
 	bindDN := "cn=admin,dc=example,dc=com"
-	bindPassword := req.URL.Query()["password"][0]
+	bindPassword := req.URL.Query()["password"][0] // $ Source

 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
@@ -25,7 +25,7 @@ func bad(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	defer l.Close()

 	// BAD: user input is not sanetized
-	err = l.Bind(bindDN, bindPassword)
+	err = l.Bind(bindDN, bindPassword) // $ Alert
 	if err != nil {
 		return fmt.Errorf("LDAP bind failed: %v", err), err
 	}
@@ -84,7 +84,7 @@ func bad2(req *http.Request) {
 	ldapPort := 389
 	bindDN := "cn=admin,dc=example,dc=com"
 	// BAD : empty password
-	bindPassword := ""
+	bindPassword := "" // $ Source

 	// Connect to the LDAP server
 	l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ldapServer, ldapPort))
@@ -94,7 +94,7 @@ func bad2(req *http.Request) {
 	defer l.Close()

 	// BAD : bindPassword is empty
-	err = l.Bind(bindDN, bindPassword)
+	err = l.Bind(bindDN, bindPassword) // $ Alert
 	if err != nil {
 		log.Fatalf("LDAP bind failed: %v", err)
 	}
--- a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.qlref
+++ b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.qlref
@@ -1,2 +1,4 @@
 query: experimental/CWE-287/ImproperLdapAuth.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected
+++ b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected
@@ -1,3 +1,6 @@
+#select
+| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:24:32:24:37 | JwtKey | This  $@. | go-jose.v3.go:13:21:13:33 | "AllYourBase" | Constant Key is used as JWT Secret key |
+| golang-jwt-v5.go:27:9:27:15 | JwtKey1 | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | This  $@. | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | Constant Key is used as JWT Secret key |
 edges
 | go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance |  |
 | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:13:14:13:34 | type conversion | provenance |  |
@@ -11,6 +14,3 @@ nodes
 | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | semmle.label | "AllYourBase" |
 | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | semmle.label | JwtKey1 |
 subpaths
-#select
-| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:24:32:24:37 | JwtKey | This  $@. | go-jose.v3.go:13:21:13:33 | "AllYourBase" | Constant Key is used as JWT Secret key |
-| golang-jwt-v5.go:27:9:27:15 | JwtKey1 | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | This  $@. | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | Constant Key is used as JWT Secret key |
--- a/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.qlref
+++ b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.qlref
@@ -1 +1,2 @@
-experimental/CWE-321-V2/HardCodedKeys.ql
+query: experimental/CWE-321-V2/HardCodedKeys.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-321-V2/go-jose.v3.go
+++ b/go/ql/test/experimental/CWE-321-V2/go-jose.v3.go
@@ -10,7 +10,7 @@ import (
 )

 // NOT OK
-var JwtKey = []byte("AllYourBase")
+var JwtKey = []byte("AllYourBase") // $ Source

 func main2(r *http.Request) {
 	signedToken := r.URL.Query().Get("signedToken")
@@ -21,7 +21,7 @@ func verifyJWT(signedToken string) {
 	fmt.Println("verifying JWT")
 	DecodedToken, _ := jwt.ParseSigned(signedToken)
 	out := CustomerInfo{}
-	if err := DecodedToken.Claims(JwtKey, &out); err != nil {
+	if err := DecodedToken.Claims(JwtKey, &out); err != nil { // $ Alert
 		panic(err)
 	}
 	fmt.Printf("%v\n", out)
--- a/go/ql/test/experimental/CWE-321-V2/golang-jwt-v5.go
+++ b/go/ql/test/experimental/CWE-321-V2/golang-jwt-v5.go
@@ -16,7 +16,7 @@ type CustomerInfo struct {
 }

 // BAD constant key
-var JwtKey1 = []byte("AllYourBase")
+var JwtKey1 = []byte("AllYourBase") // $ Source

 func main1(r *http.Request) {
 	signedToken := r.URL.Query().Get("signedToken")
@@ -24,7 +24,7 @@ func main1(r *http.Request) {
 }

 func LoadJwtKey(token *jwt.Token) (interface{}, error) {
-	return JwtKey1, nil
+	return JwtKey1, nil // $ Alert
 }

 func verifyJWT_golangjwt(signedToken string) {
--- a/go/ql/test/experimental/CWE-369/DivideByZero.go
+++ b/go/ql/test/experimental/CWE-369/DivideByZero.go
@@ -7,37 +7,37 @@ import (
 )

 func myHandler1(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value, _ := strconv.Atoi(param1)
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }

 func myHandler2(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value := int(param1[0])
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }

 func myHandler3(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value, _ := strconv.ParseInt(param1, 10, 64)
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }

 func myHandler4(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value, _ := strconv.ParseFloat(param1, 32)
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }

 func myHandler5(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value, _ := strconv.ParseUint(param1, 10, 64)
-	out := 1337 / value
+	out := 1337 / value // $ Alert
 	fmt.Println(out)
 }

@@ -51,10 +51,10 @@ func myHandler6(w http.ResponseWriter, r *http.Request) {
 }

 func myHandler7(w http.ResponseWriter, r *http.Request) {
-	param1 := r.URL.Query()["param1"][0]
+	param1 := r.URL.Query()["param1"][0] // $ Source
 	value := int(param1[0])
 	if value >= 0 {
-		out := 1337 / value
+		out := 1337 / value // $ Alert
 		fmt.Println(out)
 	}
 }
--- a/go/ql/test/experimental/CWE-369/DivideByZero.qlref
+++ b/go/ql/test/experimental/CWE-369/DivideByZero.qlref
@@ -1,2 +1,4 @@
 query: experimental/CWE-369/DivideByZero.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.expected
+++ b/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.expected
@@ -1,3 +1,7 @@
+#select
+| DatabaseCallInLoop.go:9:3:9:41 | call to First | DatabaseCallInLoop.go:7:2:11:2 | range statement | DatabaseCallInLoop.go:9:3:9:41 | call to First | This calls call to First in a $@. | DatabaseCallInLoop.go:7:2:11:2 | range statement | loop |
+| test.go:11:2:11:13 | call to Take | test.go:20:2:22:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:20:2:22:2 | for statement | loop |
+| test.go:11:2:11:13 | call to Take | test.go:24:2:26:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:24:2:26:2 | for statement | loop |
 edges
 | DatabaseCallInLoop.go:7:2:11:2 | range statement | DatabaseCallInLoop.go:9:3:9:41 | call to First |
 | test.go:10:1:12:1 | function declaration | test.go:11:2:11:13 | call to Take |
@@ -7,7 +11,3 @@ edges
 | test.go:21:3:21:14 | call to runQuery | test.go:10:1:12:1 | function declaration |
 | test.go:24:2:26:2 | for statement | test.go:25:3:25:17 | call to runRunQuery |
 | test.go:25:3:25:17 | call to runRunQuery | test.go:14:1:16:1 | function declaration |
-#select
-| DatabaseCallInLoop.go:9:3:9:41 | call to First | DatabaseCallInLoop.go:7:2:11:2 | range statement | DatabaseCallInLoop.go:9:3:9:41 | call to First | This calls call to First in a $@. | DatabaseCallInLoop.go:7:2:11:2 | range statement | loop |
-| test.go:11:2:11:13 | call to Take | test.go:20:2:22:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:20:2:22:2 | for statement | loop |
-| test.go:11:2:11:13 | call to Take | test.go:24:2:26:2 | for statement | test.go:11:2:11:13 | call to Take | This calls call to Take in a $@. | test.go:24:2:26:2 | for statement | loop |
--- a/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.go
+++ b/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.go
@@ -6,8 +6,8 @@ func getUsers(db *gorm.DB, names []string) []User {
 	res := make([]User, 0, len(names))
 	for _, name := range names {
 		var user User
-		db.Where("name = ?", name).First(&user)
+		db.Where("name = ?", name).First(&user) // $ Alert
 		res = append(res, user)
-	}
+	} // $ Source
 	return res
 }
--- a/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.qlref
+++ b/go/ql/test/experimental/CWE-400/DatabaseCallInLoop.qlref
@@ -1 +1,2 @@
-experimental/CWE-400/DatabaseCallInLoop.ql
+query: experimental/CWE-400/DatabaseCallInLoop.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-400/test.go
+++ b/go/ql/test/experimental/CWE-400/test.go
@@ -8,7 +8,7 @@ type User struct {
 }

 func runQuery(db *gorm.DB) {
-	db.Take(nil)
+	db.Take(nil) // $ Alert
 }

 func runRunQuery(db *gorm.DB) {
@@ -19,9 +19,9 @@ func main() {
 	var db *gorm.DB
 	for i := 0; i < 10; i++ {
 		runQuery(db)
-	}
+	} // $ Source

 	for i := 10; i > 0; i-- {
 		runRunQuery(db)
-	}
+	} // $ Source
 }
--- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
+++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
@@ -47,27 +47,27 @@
 | test.go:621:25:621:31 | tarRead | test.go:93:5:93:16 | selection of Body | test.go:621:25:621:31 | tarRead | This decompression is $@. | test.go:93:5:93:16 | selection of Body | decompressing compressed data without managing output size |
 | test.go:629:2:629:8 | tarRead | test.go:93:5:93:16 | selection of Body | test.go:629:2:629:8 | tarRead | This decompression is $@. | test.go:93:5:93:16 | selection of Body | decompressing compressed data without managing output size |
 edges
-| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | SSA def(filename) | provenance | Src:MaD:2  |
-| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | SSA def(src) | provenance | Src:MaD:1  |
-| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | SSA def(file) | provenance | Src:MaD:1  |
-| test.go:128:20:128:27 | SSA def(filename) | test.go:130:33:130:40 | filename | provenance |  |
+| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:2  |
+| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | Src:MaD:1  |
+| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | Src:MaD:1  |
+| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | Src:MaD:1  |
+| test.go:64:8:64:19 | selection of Body | test.go:208:12:208:15 | definition of file | provenance | Src:MaD:1  |
+| test.go:66:8:66:19 | selection of Body | test.go:233:12:233:15 | definition of file | provenance | Src:MaD:1  |
+| test.go:68:17:68:28 | selection of Body | test.go:258:21:258:24 | definition of file | provenance | Src:MaD:1  |
+| test.go:70:13:70:24 | selection of Body | test.go:283:17:283:20 | definition of file | provenance | Src:MaD:1  |
+| test.go:72:16:72:27 | selection of Body | test.go:308:20:308:23 | definition of file | provenance | Src:MaD:1  |
+| test.go:74:7:74:18 | selection of Body | test.go:333:11:333:14 | definition of file | provenance | Src:MaD:1  |
+| test.go:76:9:76:20 | selection of Body | test.go:358:13:358:16 | definition of file | provenance | Src:MaD:1  |
+| test.go:78:18:78:29 | selection of Body | test.go:384:22:384:25 | definition of file | provenance | Src:MaD:1  |
+| test.go:80:5:80:16 | selection of Body | test.go:412:9:412:12 | definition of file | provenance | Src:MaD:1  |
+| test.go:82:7:82:18 | selection of Body | test.go:447:11:447:14 | definition of file | provenance | Src:MaD:1  |
+| test.go:84:15:84:26 | selection of Body | test.go:440:19:440:21 | definition of src | provenance | Src:MaD:1  |
+| test.go:85:16:85:27 | selection of Body | test.go:472:20:472:23 | definition of file | provenance | Src:MaD:1  |
+| test.go:87:16:87:27 | selection of Body | test.go:499:20:499:23 | definition of file | provenance | Src:MaD:1  |
+| test.go:89:17:89:28 | selection of Body | test.go:526:21:526:24 | definition of file | provenance | Src:MaD:1  |
+| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | definition of file | provenance | Src:MaD:1  |
+| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | definition of file | provenance | Src:MaD:1  |
+| test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance |  |
 | test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance |  |
 | test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | Config |
 | test.go:130:33:130:40 | filename | test.go:143:51:143:58 | filename | provenance |  |
@@ -77,7 +77,7 @@ edges
 | test.go:143:51:143:58 | filename | test.go:143:2:143:59 | ... := ...[0] | provenance | Config |
 | test.go:145:12:145:12 | f | test.go:145:12:145:19 | call to Open | provenance | Config |
 | test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance |  |
-| test.go:158:19:158:22 | SSA def(file) | test.go:159:25:159:28 | file | provenance |  |
+| test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance |  |
 | test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance |  |
 | test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:6 |
 | test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance |  |
@@ -85,7 +85,7 @@ edges
 | test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:5 |
 | test.go:163:3:163:36 | ... := ...[0] | test.go:164:36:164:51 | fileReaderCloser | provenance |  |
 | test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:4 |
-| test.go:169:28:169:31 | SSA def(file) | test.go:170:25:170:28 | file | provenance |  |
+| test.go:169:28:169:31 | definition of file | test.go:170:25:170:28 | file | provenance |  |
 | test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance |  |
 | test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:6 |
 | test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance |  |
@@ -93,64 +93,64 @@ edges
 | test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:5 |
 | test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | Config |
 | test.go:175:26:175:36 | call to Open | test.go:176:36:176:51 | fileReaderCloser | provenance |  |
-| test.go:181:17:181:20 | SSA def(file) | test.go:184:41:184:44 | file | provenance |  |
+| test.go:181:17:181:20 | definition of file | test.go:184:41:184:44 | file | provenance |  |
 | test.go:184:2:184:73 | ... := ...[0] | test.go:186:2:186:12 | bzip2Reader | provenance |  |
 | test.go:184:2:184:73 | ... := ...[0] | test.go:187:26:187:36 | bzip2Reader | provenance |  |
 | test.go:184:41:184:44 | file | test.go:184:2:184:73 | ... := ...[0] | provenance | Config |
 | test.go:187:12:187:37 | call to NewReader | test.go:189:18:189:24 | tarRead | provenance |  |
 | test.go:187:26:187:36 | bzip2Reader | test.go:187:12:187:37 | call to NewReader | provenance | MaD:3 |
-| test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:208:12:208:15 | SSA def(file) | test.go:211:33:211:36 | file | provenance |  |
+| test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:208:12:208:15 | definition of file | test.go:211:33:211:36 | file | provenance |  |
 | test.go:211:17:211:37 | call to NewReader | test.go:213:2:213:12 | bzip2Reader | provenance |  |
 | test.go:211:17:211:37 | call to NewReader | test.go:214:26:214:36 | bzip2Reader | provenance |  |
 | test.go:211:33:211:36 | file | test.go:211:17:211:37 | call to NewReader | provenance | Config |
 | test.go:214:12:214:37 | call to NewReader | test.go:216:18:216:24 | tarRead | provenance |  |
 | test.go:214:26:214:36 | bzip2Reader | test.go:214:12:214:37 | call to NewReader | provenance | MaD:3 |
-| test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:233:12:233:15 | SSA def(file) | test.go:236:33:236:36 | file | provenance |  |
+| test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:233:12:233:15 | definition of file | test.go:236:33:236:36 | file | provenance |  |
 | test.go:236:17:236:37 | call to NewReader | test.go:238:2:238:12 | flateReader | provenance |  |
 | test.go:236:17:236:37 | call to NewReader | test.go:239:26:239:36 | flateReader | provenance |  |
 | test.go:236:33:236:36 | file | test.go:236:17:236:37 | call to NewReader | provenance | Config |
 | test.go:239:12:239:37 | call to NewReader | test.go:241:18:241:24 | tarRead | provenance |  |
 | test.go:239:26:239:36 | flateReader | test.go:239:12:239:37 | call to NewReader | provenance | MaD:3 |
-| test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:258:21:258:24 | SSA def(file) | test.go:261:42:261:45 | file | provenance |  |
+| test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:258:21:258:24 | definition of file | test.go:261:42:261:45 | file | provenance |  |
 | test.go:261:17:261:46 | call to NewReader | test.go:263:2:263:12 | flateReader | provenance |  |
 | test.go:261:17:261:46 | call to NewReader | test.go:264:26:264:36 | flateReader | provenance |  |
 | test.go:261:42:261:45 | file | test.go:261:17:261:46 | call to NewReader | provenance | Config |
 | test.go:264:12:264:37 | call to NewReader | test.go:266:18:266:24 | tarRead | provenance |  |
 | test.go:264:26:264:36 | flateReader | test.go:264:12:264:37 | call to NewReader | provenance | MaD:3 |
-| test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:283:17:283:20 | SSA def(file) | test.go:286:41:286:44 | file | provenance |  |
+| test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:283:17:283:20 | definition of file | test.go:286:41:286:44 | file | provenance |  |
 | test.go:286:2:286:73 | ... := ...[0] | test.go:288:2:288:12 | flateReader | provenance |  |
 | test.go:286:2:286:73 | ... := ...[0] | test.go:289:26:289:36 | flateReader | provenance |  |
 | test.go:286:41:286:44 | file | test.go:286:2:286:73 | ... := ...[0] | provenance | Config |
 | test.go:289:12:289:37 | call to NewReader | test.go:291:18:291:24 | tarRead | provenance |  |
 | test.go:289:26:289:36 | flateReader | test.go:289:12:289:37 | call to NewReader | provenance | MaD:3 |
-| test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:308:20:308:23 | SSA def(file) | test.go:311:43:311:46 | file | provenance |  |
+| test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:308:20:308:23 | definition of file | test.go:311:43:311:46 | file | provenance |  |
 | test.go:311:2:311:47 | ... := ...[0] | test.go:313:2:313:11 | zlibReader | provenance |  |
 | test.go:311:2:311:47 | ... := ...[0] | test.go:314:26:314:35 | zlibReader | provenance |  |
 | test.go:311:43:311:46 | file | test.go:311:2:311:47 | ... := ...[0] | provenance | Config |
 | test.go:314:12:314:36 | call to NewReader | test.go:316:18:316:24 | tarRead | provenance |  |
 | test.go:314:26:314:35 | zlibReader | test.go:314:12:314:36 | call to NewReader | provenance | MaD:3 |
-| test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:333:11:333:14 | SSA def(file) | test.go:336:34:336:37 | file | provenance |  |
+| test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:333:11:333:14 | definition of file | test.go:336:34:336:37 | file | provenance |  |
 | test.go:336:2:336:38 | ... := ...[0] | test.go:338:2:338:11 | zlibReader | provenance |  |
 | test.go:336:2:336:38 | ... := ...[0] | test.go:339:26:339:35 | zlibReader | provenance |  |
 | test.go:336:34:336:37 | file | test.go:336:2:336:38 | ... := ...[0] | provenance | Config |
 | test.go:339:12:339:36 | call to NewReader | test.go:341:18:341:24 | tarRead | provenance |  |
 | test.go:339:26:339:35 | zlibReader | test.go:339:12:339:36 | call to NewReader | provenance | MaD:3 |
-| test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:358:13:358:16 | SSA def(file) | test.go:361:35:361:38 | file | provenance |  |
+| test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:358:13:358:16 | definition of file | test.go:361:35:361:38 | file | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:363:2:363:13 | snappyReader | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:364:2:364:13 | snappyReader | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:365:26:365:37 | snappyReader | provenance |  |
 | test.go:361:35:361:38 | file | test.go:361:18:361:39 | call to NewReader | provenance | Config |
 | test.go:365:12:365:38 | call to NewReader | test.go:367:18:367:24 | tarRead | provenance |  |
 | test.go:365:26:365:37 | snappyReader | test.go:365:12:365:38 | call to NewReader | provenance | MaD:3 |
-| test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:384:22:384:25 | SSA def(file) | test.go:387:44:387:47 | file | provenance |  |
+| test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:384:22:384:25 | definition of file | test.go:387:44:387:47 | file | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:389:2:389:13 | snappyReader | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:391:2:391:13 | snappyReader | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:392:2:392:13 | snappyReader | provenance |  |
@@ -158,8 +158,8 @@ edges
 | test.go:387:44:387:47 | file | test.go:387:18:387:48 | call to NewReader | provenance | Config |
 | test.go:393:12:393:38 | call to NewReader | test.go:395:18:395:24 | tarRead | provenance |  |
 | test.go:393:26:393:37 | snappyReader | test.go:393:12:393:38 | call to NewReader | provenance | MaD:3 |
-| test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:412:9:412:12 | SSA def(file) | test.go:415:27:415:30 | file | provenance |  |
+| test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:412:9:412:12 | definition of file | test.go:415:27:415:30 | file | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:417:2:417:9 | s2Reader | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:418:2:418:9 | s2Reader | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:420:2:420:9 | s2Reader | provenance |  |
@@ -167,35 +167,35 @@ edges
 | test.go:415:27:415:30 | file | test.go:415:14:415:31 | call to NewReader | provenance | Config |
 | test.go:421:12:421:34 | call to NewReader | test.go:423:18:423:24 | tarRead | provenance |  |
 | test.go:421:26:421:33 | s2Reader | test.go:421:12:421:34 | call to NewReader | provenance | MaD:3 |
-| test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:440:19:440:21 | SSA def(src) | test.go:441:34:441:36 | src | provenance |  |
+| test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:440:19:440:21 | definition of src | test.go:441:34:441:36 | src | provenance |  |
 | test.go:441:2:441:37 | ... := ...[0] | test.go:444:12:444:32 | type conversion | provenance |  |
 | test.go:441:34:441:36 | src | test.go:441:2:441:37 | ... := ...[0] | provenance | Config |
 | test.go:444:12:444:32 | type conversion | test.go:445:23:445:28 | newSrc | provenance |  |
-| test.go:447:11:447:14 | SSA def(file) | test.go:450:34:450:37 | file | provenance |  |
+| test.go:447:11:447:14 | definition of file | test.go:450:34:450:37 | file | provenance |  |
 | test.go:450:2:450:38 | ... := ...[0] | test.go:452:2:452:11 | gzipReader | provenance |  |
 | test.go:450:2:450:38 | ... := ...[0] | test.go:453:26:453:35 | gzipReader | provenance |  |
 | test.go:450:34:450:37 | file | test.go:450:2:450:38 | ... := ...[0] | provenance | Config |
 | test.go:453:12:453:36 | call to NewReader | test.go:455:18:455:24 | tarRead | provenance |  |
 | test.go:453:26:453:35 | gzipReader | test.go:453:12:453:36 | call to NewReader | provenance | MaD:3 |
-| test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:472:20:472:23 | SSA def(file) | test.go:475:43:475:46 | file | provenance |  |
+| test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:472:20:472:23 | definition of file | test.go:475:43:475:46 | file | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:477:2:477:11 | gzipReader | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:479:2:479:11 | gzipReader | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:480:26:480:35 | gzipReader | provenance |  |
 | test.go:475:43:475:46 | file | test.go:475:2:475:47 | ... := ...[0] | provenance | Config |
 | test.go:480:12:480:36 | call to NewReader | test.go:482:18:482:24 | tarRead | provenance |  |
 | test.go:480:26:480:35 | gzipReader | test.go:480:12:480:36 | call to NewReader | provenance | MaD:3 |
-| test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:499:20:499:23 | SSA def(file) | test.go:502:45:502:48 | file | provenance |  |
+| test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:499:20:499:23 | definition of file | test.go:502:45:502:48 | file | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:504:2:504:12 | pgzipReader | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:506:2:506:12 | pgzipReader | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:507:26:507:36 | pgzipReader | provenance |  |
 | test.go:502:45:502:48 | file | test.go:502:2:502:49 | ... := ...[0] | provenance | Config |
 | test.go:507:12:507:37 | call to NewReader | test.go:509:18:509:24 | tarRead | provenance |  |
 | test.go:507:26:507:36 | pgzipReader | test.go:507:12:507:37 | call to NewReader | provenance | MaD:3 |
-| test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:526:21:526:24 | SSA def(file) | test.go:529:43:529:46 | file | provenance |  |
+| test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:526:21:526:24 | definition of file | test.go:529:43:529:46 | file | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:531:2:531:11 | zstdReader | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:533:2:533:11 | zstdReader | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:535:2:535:11 | zstdReader | provenance |  |
@@ -203,33 +203,33 @@ edges
 | test.go:529:43:529:46 | file | test.go:529:2:529:47 | ... := ...[0] | provenance | Config |
 | test.go:536:12:536:36 | call to NewReader | test.go:538:18:538:24 | tarRead | provenance |  |
 | test.go:536:26:536:35 | zstdReader | test.go:536:12:536:36 | call to NewReader | provenance | MaD:3 |
-| test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:555:19:555:22 | SSA def(file) | test.go:558:38:558:41 | file | provenance |  |
+| test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:555:19:555:22 | definition of file | test.go:558:38:558:41 | file | provenance |  |
 | test.go:558:16:558:42 | call to NewReader | test.go:560:2:560:11 | zstdReader | provenance |  |
 | test.go:558:16:558:42 | call to NewReader | test.go:561:26:561:35 | zstdReader | provenance |  |
 | test.go:558:38:558:41 | file | test.go:558:16:558:42 | call to NewReader | provenance | Config |
 | test.go:561:12:561:36 | call to NewReader | test.go:563:18:563:24 | tarRead | provenance |  |
 | test.go:561:26:561:35 | zstdReader | test.go:561:12:561:36 | call to NewReader | provenance | MaD:3 |
-| test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:580:9:580:12 | SSA def(file) | test.go:583:30:583:33 | file | provenance |  |
+| test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:580:9:580:12 | definition of file | test.go:583:30:583:33 | file | provenance |  |
 | test.go:583:2:583:34 | ... := ...[0] | test.go:585:2:585:9 | xzReader | provenance |  |
 | test.go:583:2:583:34 | ... := ...[0] | test.go:586:26:586:33 | xzReader | provenance |  |
 | test.go:583:30:583:33 | file | test.go:583:2:583:34 | ... := ...[0] | provenance | Config |
 | test.go:586:12:586:34 | call to NewReader | test.go:589:18:589:24 | tarRead | provenance |  |
 | test.go:586:12:586:34 | call to NewReader | test.go:590:19:590:25 | tarRead | provenance |  |
 | test.go:586:26:586:33 | xzReader | test.go:586:12:586:34 | call to NewReader | provenance | MaD:3 |
-| test.go:589:18:589:24 | tarRead | test.go:611:22:611:28 | SSA def(tarRead) | provenance |  |
-| test.go:590:19:590:25 | tarRead | test.go:627:23:627:29 | SSA def(tarRead) | provenance |  |
-| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:611:22:611:28 | SSA def(tarRead) | test.go:621:25:621:31 | tarRead | provenance |  |
-| test.go:627:23:627:29 | SSA def(tarRead) | test.go:629:2:629:8 | tarRead | provenance |  |
+| test.go:589:18:589:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
+| test.go:590:19:590:25 | tarRead | test.go:627:23:627:29 | definition of tarRead | provenance |  |
+| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:611:22:611:28 | definition of tarRead | test.go:621:25:621:31 | tarRead | provenance |  |
+| test.go:627:23:627:29 | definition of tarRead | test.go:629:2:629:8 | tarRead | provenance |  |
 models
 | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual |
 | 2 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual |
@@ -258,7 +258,7 @@ nodes
 | test.go:89:17:89:28 | selection of Body | semmle.label | selection of Body |
 | test.go:91:15:91:26 | selection of Body | semmle.label | selection of Body |
 | test.go:93:5:93:16 | selection of Body | semmle.label | selection of Body |
-| test.go:128:20:128:27 | SSA def(filename) | semmle.label | SSA def(filename) |
+| test.go:128:20:128:27 | definition of filename | semmle.label | definition of filename |
 | test.go:130:2:130:41 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:130:33:130:40 | filename | semmle.label | filename |
 | test.go:132:3:132:19 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -269,7 +269,7 @@ nodes
 | test.go:145:12:145:12 | f | semmle.label | f |
 | test.go:145:12:145:19 | call to Open | semmle.label | call to Open |
 | test.go:147:37:147:38 | rc | semmle.label | rc |
-| test.go:158:19:158:22 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:158:19:158:22 | definition of file | semmle.label | definition of file |
 | test.go:159:2:159:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:159:25:159:28 | file | semmle.label | file |
 | test.go:160:2:160:69 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -278,7 +278,7 @@ nodes
 | test.go:163:3:163:36 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:163:26:163:29 | file | semmle.label | file |
 | test.go:164:36:164:51 | fileReaderCloser | semmle.label | fileReaderCloser |
-| test.go:169:28:169:31 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:169:28:169:31 | definition of file | semmle.label | definition of file |
 | test.go:170:2:170:29 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:170:25:170:28 | file | semmle.label | file |
 | test.go:171:2:171:78 | ... := ...[0] | semmle.label | ... := ...[0] |
@@ -287,56 +287,56 @@ nodes
 | test.go:175:26:175:29 | file | semmle.label | file |
 | test.go:175:26:175:36 | call to Open | semmle.label | call to Open |
 | test.go:176:36:176:51 | fileReaderCloser | semmle.label | fileReaderCloser |
-| test.go:181:17:181:20 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:181:17:181:20 | definition of file | semmle.label | definition of file |
 | test.go:184:2:184:73 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:184:41:184:44 | file | semmle.label | file |
 | test.go:186:2:186:12 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:187:12:187:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:187:26:187:36 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:189:18:189:24 | tarRead | semmle.label | tarRead |
-| test.go:208:12:208:15 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:208:12:208:15 | definition of file | semmle.label | definition of file |
 | test.go:211:17:211:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:211:33:211:36 | file | semmle.label | file |
 | test.go:213:2:213:12 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:214:12:214:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:214:26:214:36 | bzip2Reader | semmle.label | bzip2Reader |
 | test.go:216:18:216:24 | tarRead | semmle.label | tarRead |
-| test.go:233:12:233:15 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:233:12:233:15 | definition of file | semmle.label | definition of file |
 | test.go:236:17:236:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:236:33:236:36 | file | semmle.label | file |
 | test.go:238:2:238:12 | flateReader | semmle.label | flateReader |
 | test.go:239:12:239:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:239:26:239:36 | flateReader | semmle.label | flateReader |
 | test.go:241:18:241:24 | tarRead | semmle.label | tarRead |
-| test.go:258:21:258:24 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:258:21:258:24 | definition of file | semmle.label | definition of file |
 | test.go:261:17:261:46 | call to NewReader | semmle.label | call to NewReader |
 | test.go:261:42:261:45 | file | semmle.label | file |
 | test.go:263:2:263:12 | flateReader | semmle.label | flateReader |
 | test.go:264:12:264:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:264:26:264:36 | flateReader | semmle.label | flateReader |
 | test.go:266:18:266:24 | tarRead | semmle.label | tarRead |
-| test.go:283:17:283:20 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:283:17:283:20 | definition of file | semmle.label | definition of file |
 | test.go:286:2:286:73 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:286:41:286:44 | file | semmle.label | file |
 | test.go:288:2:288:12 | flateReader | semmle.label | flateReader |
 | test.go:289:12:289:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:289:26:289:36 | flateReader | semmle.label | flateReader |
 | test.go:291:18:291:24 | tarRead | semmle.label | tarRead |
-| test.go:308:20:308:23 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:308:20:308:23 | definition of file | semmle.label | definition of file |
 | test.go:311:2:311:47 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:311:43:311:46 | file | semmle.label | file |
 | test.go:313:2:313:11 | zlibReader | semmle.label | zlibReader |
 | test.go:314:12:314:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:314:26:314:35 | zlibReader | semmle.label | zlibReader |
 | test.go:316:18:316:24 | tarRead | semmle.label | tarRead |
-| test.go:333:11:333:14 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:333:11:333:14 | definition of file | semmle.label | definition of file |
 | test.go:336:2:336:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:336:34:336:37 | file | semmle.label | file |
 | test.go:338:2:338:11 | zlibReader | semmle.label | zlibReader |
 | test.go:339:12:339:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:339:26:339:35 | zlibReader | semmle.label | zlibReader |
 | test.go:341:18:341:24 | tarRead | semmle.label | tarRead |
-| test.go:358:13:358:16 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:358:13:358:16 | definition of file | semmle.label | definition of file |
 | test.go:361:18:361:39 | call to NewReader | semmle.label | call to NewReader |
 | test.go:361:35:361:38 | file | semmle.label | file |
 | test.go:363:2:363:13 | snappyReader | semmle.label | snappyReader |
@@ -344,7 +344,7 @@ nodes
 | test.go:365:12:365:38 | call to NewReader | semmle.label | call to NewReader |
 | test.go:365:26:365:37 | snappyReader | semmle.label | snappyReader |
 | test.go:367:18:367:24 | tarRead | semmle.label | tarRead |
-| test.go:384:22:384:25 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:384:22:384:25 | definition of file | semmle.label | definition of file |
 | test.go:387:18:387:48 | call to NewReader | semmle.label | call to NewReader |
 | test.go:387:44:387:47 | file | semmle.label | file |
 | test.go:389:2:389:13 | snappyReader | semmle.label | snappyReader |
@@ -353,7 +353,7 @@ nodes
 | test.go:393:12:393:38 | call to NewReader | semmle.label | call to NewReader |
 | test.go:393:26:393:37 | snappyReader | semmle.label | snappyReader |
 | test.go:395:18:395:24 | tarRead | semmle.label | tarRead |
-| test.go:412:9:412:12 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:412:9:412:12 | definition of file | semmle.label | definition of file |
 | test.go:415:14:415:31 | call to NewReader | semmle.label | call to NewReader |
 | test.go:415:27:415:30 | file | semmle.label | file |
 | test.go:417:2:417:9 | s2Reader | semmle.label | s2Reader |
@@ -362,19 +362,19 @@ nodes
 | test.go:421:12:421:34 | call to NewReader | semmle.label | call to NewReader |
 | test.go:421:26:421:33 | s2Reader | semmle.label | s2Reader |
 | test.go:423:18:423:24 | tarRead | semmle.label | tarRead |
-| test.go:440:19:440:21 | SSA def(src) | semmle.label | SSA def(src) |
+| test.go:440:19:440:21 | definition of src | semmle.label | definition of src |
 | test.go:441:2:441:37 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:441:34:441:36 | src | semmle.label | src |
 | test.go:444:12:444:32 | type conversion | semmle.label | type conversion |
 | test.go:445:23:445:28 | newSrc | semmle.label | newSrc |
-| test.go:447:11:447:14 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:447:11:447:14 | definition of file | semmle.label | definition of file |
 | test.go:450:2:450:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:450:34:450:37 | file | semmle.label | file |
 | test.go:452:2:452:11 | gzipReader | semmle.label | gzipReader |
 | test.go:453:12:453:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:453:26:453:35 | gzipReader | semmle.label | gzipReader |
 | test.go:455:18:455:24 | tarRead | semmle.label | tarRead |
-| test.go:472:20:472:23 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:472:20:472:23 | definition of file | semmle.label | definition of file |
 | test.go:475:2:475:47 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:475:43:475:46 | file | semmle.label | file |
 | test.go:477:2:477:11 | gzipReader | semmle.label | gzipReader |
@@ -382,7 +382,7 @@ nodes
 | test.go:480:12:480:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:480:26:480:35 | gzipReader | semmle.label | gzipReader |
 | test.go:482:18:482:24 | tarRead | semmle.label | tarRead |
-| test.go:499:20:499:23 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:499:20:499:23 | definition of file | semmle.label | definition of file |
 | test.go:502:2:502:49 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:502:45:502:48 | file | semmle.label | file |
 | test.go:504:2:504:12 | pgzipReader | semmle.label | pgzipReader |
@@ -390,7 +390,7 @@ nodes
 | test.go:507:12:507:37 | call to NewReader | semmle.label | call to NewReader |
 | test.go:507:26:507:36 | pgzipReader | semmle.label | pgzipReader |
 | test.go:509:18:509:24 | tarRead | semmle.label | tarRead |
-| test.go:526:21:526:24 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:526:21:526:24 | definition of file | semmle.label | definition of file |
 | test.go:529:2:529:47 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:529:43:529:46 | file | semmle.label | file |
 | test.go:531:2:531:11 | zstdReader | semmle.label | zstdReader |
@@ -399,14 +399,14 @@ nodes
 | test.go:536:12:536:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:536:26:536:35 | zstdReader | semmle.label | zstdReader |
 | test.go:538:18:538:24 | tarRead | semmle.label | tarRead |
-| test.go:555:19:555:22 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:555:19:555:22 | definition of file | semmle.label | definition of file |
 | test.go:558:16:558:42 | call to NewReader | semmle.label | call to NewReader |
 | test.go:558:38:558:41 | file | semmle.label | file |
 | test.go:560:2:560:11 | zstdReader | semmle.label | zstdReader |
 | test.go:561:12:561:36 | call to NewReader | semmle.label | call to NewReader |
 | test.go:561:26:561:35 | zstdReader | semmle.label | zstdReader |
 | test.go:563:18:563:24 | tarRead | semmle.label | tarRead |
-| test.go:580:9:580:12 | SSA def(file) | semmle.label | SSA def(file) |
+| test.go:580:9:580:12 | definition of file | semmle.label | definition of file |
 | test.go:583:2:583:34 | ... := ...[0] | semmle.label | ... := ...[0] |
 | test.go:583:30:583:33 | file | semmle.label | file |
 | test.go:585:2:585:9 | xzReader | semmle.label | xzReader |
@@ -414,15 +414,15 @@ nodes
 | test.go:586:26:586:33 | xzReader | semmle.label | xzReader |
 | test.go:589:18:589:24 | tarRead | semmle.label | tarRead |
 | test.go:590:19:590:25 | tarRead | semmle.label | tarRead |
-| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
-| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
-| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
-| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
-| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
-| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
-| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
-| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
-| test.go:611:22:611:28 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
+| test.go:611:22:611:28 | definition of tarRead | semmle.label | definition of tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
@@ -432,6 +432,6 @@ nodes
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
 | test.go:621:25:621:31 | tarRead | semmle.label | tarRead |
-| test.go:627:23:627:29 | SSA def(tarRead) | semmle.label | SSA def(tarRead) |
+| test.go:627:23:627:29 | definition of tarRead | semmle.label | definition of tarRead |
 | test.go:629:2:629:8 | tarRead | semmle.label | tarRead |
 subpaths
--- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.qlref
+++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.qlref
@@ -1,2 +1,4 @@
 query: experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-522-DecompressionBombs/test.go
+++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/test.go
@@ -56,41 +56,41 @@ func main() {
 func DecompressHandler(w http.ResponseWriter, request *http.Request) {
 	GZipOpenReaderSafe(request.PostFormValue("test"))
 	ZipOpenReaderSafe(request.PostFormValue("test"))
-	ZipOpenReader(request.FormValue("filepath"))
-	ZipNewReader(request.Body)
-	ZipNewReaderKlauspost(request.Body)
-	Bzip2Dsnet(request.Body)
+	ZipOpenReader(request.FormValue("filepath")) // $ Source
+	ZipNewReader(request.Body)                   // $ Source
+	ZipNewReaderKlauspost(request.Body)          // $ Source
+	Bzip2Dsnet(request.Body)                     // $ Source
 	Bzip2DsnetSafe(request.Body)
-	Bzip2(request.Body)
+	Bzip2(request.Body) // $ Source
 	Bzip2Safe(request.Body)
-	Flate(request.Body)
+	Flate(request.Body) // $ Source
 	FlateSafe(request.Body)
-	FlateKlauspost(request.Body)
+	FlateKlauspost(request.Body) // $ Source
 	FlateKlauspostSafe(request.Body)
-	FlateDsnet(request.Body)
+	FlateDsnet(request.Body) // $ Source
 	FlateDsnetSafe(request.Body)
-	ZlibKlauspost(request.Body)
+	ZlibKlauspost(request.Body) // $ Source
 	ZlibKlauspostSafe(request.Body)
-	Zlib(request.Body)
+	Zlib(request.Body) // $ Source
 	ZlibSafe(request.Body)
-	Snappy(request.Body)
+	Snappy(request.Body) // $ Source
 	SnappySafe(request.Body)
-	SnappyKlauspost(request.Body)
+	SnappyKlauspost(request.Body) // $ Source
 	SnappyKlauspostSafe(request.Body)
-	S2(request.Body)
+	S2(request.Body) // $ Source
 	S2Safe(request.Body)
-	Gzip(request.Body)
+	Gzip(request.Body) // $ Source
 	GzipSafe(request.Body)
-	GZipIoReader(request.Body, "dest")
-	GzipKlauspost(request.Body)
+	GZipIoReader(request.Body, "dest") // $ Source
+	GzipKlauspost(request.Body)        // $ Source
 	GzipKlauspostSafe(request.Body)
-	PzipKlauspost(request.Body)
+	PzipKlauspost(request.Body) // $ Source
 	PzipKlauspostSafe(request.Body)
-	Zstd_Klauspost(request.Body)
+	Zstd_Klauspost(request.Body) // $ Source
 	Zstd_KlauspostSafe(request.Body)
-	Zstd_DataDog(request.Body)
+	Zstd_DataDog(request.Body) // $ Source
 	Zstd_DataDogSafe(request.Body)
-	Xz(request.Body)
+	Xz(request.Body) // $ Source
 	XzSafe(request.Body)
 }

@@ -131,7 +131,7 @@ func ZipOpenReader(filename string) {
 	for _, f := range zipReader.File {
 		rc, _ := f.Open()
 		for {
-			result, _ := io.CopyN(os.Stdout, rc, 68) // $ hasValueFlow="rc"
+			result, _ := io.CopyN(os.Stdout, rc, 68) // $ hasValueFlow="rc" Alert
 			if result == 0 {
 				_ = rc.Close()
 				break
@@ -144,7 +144,7 @@ func ZipOpenReader(filename string) {
 	for _, f := range zipKlauspostReader.File {
 		rc, _ := f.Open()
 		for {
-			result, _ := io.CopyN(os.Stdout, rc, 68) // $ hasValueFlow="rc"
+			result, _ := io.CopyN(os.Stdout, rc, 68) // $ hasValueFlow="rc" Alert
 			if result == 0 {
 				_ = rc.Close()
 				break
@@ -161,7 +161,7 @@ func ZipNewReader(file io.Reader) {
 	for _, file := range zipReader.File {
 		fileWriter := bytes.NewBuffer([]byte{})
 		fileReaderCloser, _ := file.Open()
-		result, _ := io.Copy(fileWriter, fileReaderCloser) // $ hasValueFlow="fileReaderCloser"
+		result, _ := io.Copy(fileWriter, fileReaderCloser) // $ hasValueFlow="fileReaderCloser" Alert
 		fmt.Print(result)
 	}
 }
@@ -173,7 +173,7 @@ func ZipNewReaderKlauspost(file io.Reader) {
 		fileWriter := bytes.NewBuffer([]byte{})
 		// file.OpenRaw()
 		fileReaderCloser, _ := file.Open()
-		result, _ := io.Copy(fileWriter, fileReaderCloser) // $ hasValueFlow="fileReaderCloser"
+		result, _ := io.Copy(fileWriter, fileReaderCloser) // $ hasValueFlow="fileReaderCloser" Alert
 		fmt.Print(result)
 	}
 }
@@ -183,7 +183,7 @@ func Bzip2Dsnet(file io.Reader) {

 	bzip2Reader, _ := bzip2Dsnet.NewReader(file, &bzip2Dsnet.ReaderConfig{})
 	var out []byte = make([]byte, 70)
-	bzip2Reader.Read(out) // $ hasValueFlow="bzip2Reader"
+	bzip2Reader.Read(out) // $ hasValueFlow="bzip2Reader" Alert
 	tarRead = tar.NewReader(bzip2Reader)

 	TarDecompressor(tarRead)
@@ -210,7 +210,7 @@ func Bzip2(file io.Reader) {

 	bzip2Reader := bzip2.NewReader(file)
 	var out []byte = make([]byte, 70)
-	bzip2Reader.Read(out) // $ hasValueFlow="bzip2Reader"
+	bzip2Reader.Read(out) // $ hasValueFlow="bzip2Reader" Alert
 	tarRead = tar.NewReader(bzip2Reader)

 	TarDecompressor(tarRead)
@@ -235,7 +235,7 @@ func Flate(file io.Reader) {

 	flateReader := flate.NewReader(file)
 	var out []byte = make([]byte, 70)
-	flateReader.Read(out) // $ hasValueFlow="flateReader"
+	flateReader.Read(out) // $ hasValueFlow="flateReader" Alert
 	tarRead = tar.NewReader(flateReader)

 	TarDecompressor(tarRead)
@@ -260,7 +260,7 @@ func FlateKlauspost(file io.Reader) {

 	flateReader := flateKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	flateReader.Read(out) // $ hasValueFlow="flateReader"
+	flateReader.Read(out) // $ hasValueFlow="flateReader" Alert
 	tarRead = tar.NewReader(flateReader)

 	TarDecompressor(tarRead)
@@ -285,7 +285,7 @@ func FlateDsnet(file io.Reader) {

 	flateReader, _ := flateDsnet.NewReader(file, &flateDsnet.ReaderConfig{})
 	var out []byte = make([]byte, 70)
-	flateReader.Read(out) // $ hasValueFlow="flateReader"
+	flateReader.Read(out) // $ hasValueFlow="flateReader" Alert
 	tarRead = tar.NewReader(flateReader)

 	TarDecompressor(tarRead)
@@ -310,7 +310,7 @@ func ZlibKlauspost(file io.Reader) {

 	zlibReader, _ := zlibKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	zlibReader.Read(out) // $ hasValueFlow="zlibReader"
+	zlibReader.Read(out) // $ hasValueFlow="zlibReader" Alert
 	tarRead = tar.NewReader(zlibReader)

 	TarDecompressor(tarRead)
@@ -335,7 +335,7 @@ func Zlib(file io.Reader) {

 	zlibReader, _ := zlib.NewReader(file)
 	var out []byte = make([]byte, 70)
-	zlibReader.Read(out) // $ hasValueFlow="zlibReader"
+	zlibReader.Read(out) // $ hasValueFlow="zlibReader" Alert
 	tarRead = tar.NewReader(zlibReader)

 	TarDecompressor(tarRead)
@@ -360,8 +360,8 @@ func Snappy(file io.Reader) {

 	snappyReader := snappy.NewReader(file)
 	var out []byte = make([]byte, 70)
-	snappyReader.Read(out)  // $ hasValueFlow="snappyReader"
-	snappyReader.ReadByte() // $ hasValueFlow="snappyReader"
+	snappyReader.Read(out)  // $ hasValueFlow="snappyReader" Alert
+	snappyReader.ReadByte() // $ hasValueFlow="snappyReader" Alert
 	tarRead = tar.NewReader(snappyReader)

 	TarDecompressor(tarRead)
@@ -386,10 +386,10 @@ func SnappyKlauspost(file io.Reader) {

 	snappyReader := snappyKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	snappyReader.Read(out) // $ hasValueFlow="snappyReader"
+	snappyReader.Read(out) // $ hasValueFlow="snappyReader" Alert
 	var buf bytes.Buffer
-	snappyReader.DecodeConcurrent(&buf, 2) // $ hasValueFlow="snappyReader"
-	snappyReader.ReadByte()                // $ hasValueFlow="snappyReader"
+	snappyReader.DecodeConcurrent(&buf, 2) // $ hasValueFlow="snappyReader" Alert
+	snappyReader.ReadByte()                // $ hasValueFlow="snappyReader" Alert
 	tarRead = tar.NewReader(snappyReader)

 	TarDecompressor(tarRead)
@@ -414,10 +414,10 @@ func S2(file io.Reader) {

 	s2Reader := s2.NewReader(file)
 	var out []byte = make([]byte, 70)
-	s2Reader.Read(out)  // $ hasValueFlow="s2Reader"
-	s2Reader.ReadByte() // $ hasValueFlow="s2Reader"
+	s2Reader.Read(out)  // $ hasValueFlow="s2Reader" Alert
+	s2Reader.ReadByte() // $ hasValueFlow="s2Reader" Alert
 	var buf bytes.Buffer
-	s2Reader.DecodeConcurrent(&buf, 2) // $ hasValueFlow="s2Reader"
+	s2Reader.DecodeConcurrent(&buf, 2) // $ hasValueFlow="s2Reader" Alert
 	tarRead = tar.NewReader(s2Reader)

 	TarDecompressor(tarRead)
@@ -442,14 +442,14 @@ func GZipIoReader(src io.Reader, dst string) {
 	dstF, _ := os.OpenFile(dst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755)
 	defer dstF.Close()
 	newSrc := io.Reader(gzipReader)
-	_, _ = io.Copy(dstF, newSrc) // $ hasValueFlow="newSrc"
+	_, _ = io.Copy(dstF, newSrc) // $ hasValueFlow="newSrc" Alert
 }
 func Gzip(file io.Reader) {
 	var tarRead *tar.Reader

 	gzipReader, _ := gzip.NewReader(file)
 	var out []byte = make([]byte, 70)
-	gzipReader.Read(out) // $ hasValueFlow="gzipReader"
+	gzipReader.Read(out) // $ hasValueFlow="gzipReader" Alert
 	tarRead = tar.NewReader(gzipReader)

 	TarDecompressor(tarRead)
@@ -474,9 +474,9 @@ func GzipKlauspost(file io.Reader) {

 	gzipReader, _ := gzipKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	gzipReader.Read(out) // $ hasValueFlow="gzipReader"
+	gzipReader.Read(out) // $ hasValueFlow="gzipReader" Alert
 	var buf bytes.Buffer
-	gzipReader.WriteTo(&buf) // $ hasValueFlow="gzipReader"
+	gzipReader.WriteTo(&buf) // $ hasValueFlow="gzipReader" Alert
 	tarRead = tar.NewReader(gzipReader)

 	TarDecompressor(tarRead)
@@ -501,9 +501,9 @@ func PzipKlauspost(file io.Reader) {

 	pgzipReader, _ := pgzipKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	pgzipReader.Read(out) // $ hasValueFlow="pgzipReader"
+	pgzipReader.Read(out) // $ hasValueFlow="pgzipReader" Alert
 	var buf bytes.Buffer
-	pgzipReader.WriteTo(&buf) // $ hasValueFlow="pgzipReader"
+	pgzipReader.WriteTo(&buf) // $ hasValueFlow="pgzipReader" Alert
 	tarRead = tar.NewReader(pgzipReader)

 	TarDecompressor(tarRead)
@@ -528,11 +528,11 @@ func Zstd_Klauspost(file io.Reader) {

 	zstdReader, _ := zstdKlauspost.NewReader(file)
 	var out []byte = make([]byte, 70)
-	zstdReader.Read(out) // $ hasValueFlow="zstdReader"
+	zstdReader.Read(out) // $ hasValueFlow="zstdReader" Alert
 	var buf bytes.Buffer
-	zstdReader.WriteTo(&buf) // $ hasValueFlow="zstdReader"
+	zstdReader.WriteTo(&buf) // $ hasValueFlow="zstdReader" Alert
 	var src []byte
-	zstdReader.DecodeAll(src, nil) // $ hasValueFlow="zstdReader"
+	zstdReader.DecodeAll(src, nil) // $ hasValueFlow="zstdReader" Alert
 	tarRead = tar.NewReader(zstdReader)

 	TarDecompressor(tarRead)
@@ -557,7 +557,7 @@ func Zstd_DataDog(file io.Reader) {

 	zstdReader := zstdDataDog.NewReader(file)
 	var out []byte = make([]byte, 70)
-	zstdReader.Read(out) // $ hasValueFlow="zstdReader"
+	zstdReader.Read(out) // $ hasValueFlow="zstdReader" Alert
 	tarRead = tar.NewReader(zstdReader)

 	TarDecompressor(tarRead)
@@ -582,7 +582,7 @@ func Xz(file io.Reader) {

 	xzReader, _ := xz.NewReader(file)
 	var out []byte = make([]byte, 70)
-	xzReader.Read(out) // $ hasValueFlow="xzReader"
+	xzReader.Read(out) // $ hasValueFlow="xzReader" Alert
 	tarRead = tar.NewReader(xzReader)
 	fmt.Println(io.SeekStart)

@@ -618,7 +618,7 @@ func TarDecompressor(tarRead *tar.Reader) {
 		if cur.Typeflag != tar.TypeReg {
 			continue
 		}
-		data, _ := io.ReadAll(tarRead) // $ hasValueFlow="tarRead"
+		data, _ := io.ReadAll(tarRead) // $ hasValueFlow="tarRead" Alert
 		files[cur.Name] = &fstest.MapFile{Data: data}
 	}
 	fmt.Print(files)
@@ -626,7 +626,7 @@ func TarDecompressor(tarRead *tar.Reader) {

 func TarDecompressor2(tarRead *tar.Reader) {
 	var tarOut []byte = make([]byte, 70)
-	tarRead.Read(tarOut) // $ hasValueFlow="tarRead"
+	tarRead.Read(tarOut) // $ hasValueFlow="tarRead" Alert
 	fmt.Println("do sth with output:", tarOut)
 }

--- a/go/ql/test/experimental/CWE-525/WebCacheDeception.qlref
+++ b/go/ql/test/experimental/CWE-525/WebCacheDeception.qlref
@@ -1 +1,2 @@
-experimental/CWE-525/WebCacheDeception.ql
+query: experimental/CWE-525/WebCacheDeception.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-525/WebCacheDeceptionBad.go
+++ b/go/ql/test/experimental/CWE-525/WebCacheDeceptionBad.go
@@ -79,7 +79,7 @@ func badRoutingNet() {

 	http.Handle("/assets/", http.StripPrefix("/assets/", http.FileServer(http.Dir("assets/"))))

-	http.HandleFunc("/adminusers/", ShowAdminPageCache)
+	http.HandleFunc("/adminusers/", ShowAdminPageCache) // $ Alert
 	err := http.ListenAndServe(":1337", nil)
 	if err != nil {
 		log.Fatal("ListenAndServe: ", err)
--- a/go/ql/test/experimental/CWE-525/WebCacheDeceptionFiber.go
+++ b/go/ql/test/experimental/CWE-525/WebCacheDeceptionFiber.go
@@ -12,12 +12,12 @@ func badRouting() {
 	log.Println("We are logging in Golang!")

 	// GET /api/register
-	app.Get("/api/*", func(c *fiber.Ctx) error {
+	app.Get("/api/*", func(c *fiber.Ctx) error { // $ Alert
 		msg := fmt.Sprintf("✋")
 		return c.SendString(msg) // => ✋ register
 	})

-	app.Post("/api/*", func(c *fiber.Ctx) error {
+	app.Post("/api/*", func(c *fiber.Ctx) error { // $ Alert
 		msg := fmt.Sprintf("✋")
 		return c.SendString(msg) // => ✋ register
 	})
--- a/go/ql/test/experimental/CWE-525/WebCacheDeceptionGoChi.go
+++ b/go/ql/test/experimental/CWE-525/WebCacheDeceptionGoChi.go
@@ -10,7 +10,7 @@ import (
 func badRoutingChi() {
 	r := chi.NewRouter()
 	r.Use(middleware.Logger)
-	r.Get("/*", func(w http.ResponseWriter, r *http.Request) {
+	r.Get("/*", func(w http.ResponseWriter, r *http.Request) { // $ Alert
 		w.Write([]byte("welcome"))
 	})
 	http.ListenAndServe(":3000", r)
--- a/go/ql/test/experimental/CWE-525/WebCacheDeceptionHTTPRouter.go
+++ b/go/ql/test/experimental/CWE-525/WebCacheDeceptionHTTPRouter.go
@@ -18,7 +18,7 @@ func Hello(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {

 func badHTTPRouter() {
 	router := httprouter.New()
-	router.GET("/test/*test", Index)
+	router.GET("/test/*test", Index) // $ Alert
 	router.GET("/hello/:name", Hello)

 	log.Fatal(http.ListenAndServe(":8082", router))
--- a/go/ql/test/experimental/CWE-74/Dsn.go
+++ b/go/ql/test/experimental/CWE-74/Dsn.go
@@ -23,10 +23,10 @@ func good() (interface{}, error) {
 }

 func bad() interface{} {
-	name2 := os.Args[1:]
+	name2 := os.Args[1:] // $ Source[go/dsn-injection-local]
 	// This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files.
 	dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name2[0])
-	db, _ := sql.Open("mysql", dbDSN)
+	db, _ := sql.Open("mysql", dbDSN) // $ Alert[go/dsn-injection-local]
 	return db
 }

@@ -44,10 +44,10 @@ func good2(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 }

 func bad2(w http.ResponseWriter, req *http.Request) interface{} {
-	name := req.FormValue("name")
+	name := req.FormValue("name") // $ Source[go/dsn-injection]
 	// This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files.
 	dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, name)
-	db, _ := sql.Open("mysql", dbDSN)
+	db, _ := sql.Open("mysql", dbDSN) // $ Alert[go/dsn-injection]
 	return db
 }

@@ -60,12 +60,12 @@ func (Config) Parse([]string) error { return nil }

 func RegexFuncModelTest(w http.ResponseWriter, req *http.Request) (interface{}, error) {
 	cfg := NewConfig()
-	err := cfg.Parse(os.Args[1:]) // This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files.
+	err := cfg.Parse(os.Args[1:]) // $ Source[go/dsn-injection-local] // This is bad. `name` can be something like `test?allowAllFiles=true&` which will allow an attacker to access local files.
 	if err != nil {
 		return nil, err
 	}
 	dbDSN := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8", "username", "password", "127.0.0.1", 3306, cfg.dsn)
-	db, _ := sql.Open("mysql", dbDSN)
+	db, _ := sql.Open("mysql", dbDSN) // $ Alert[go/dsn-injection-local]
 	return db, nil
 }

--- a/go/ql/test/experimental/CWE-74/DsnInjection.qlref
+++ b/go/ql/test/experimental/CWE-74/DsnInjection.qlref
@@ -1,2 +1,4 @@
 query: experimental/CWE-74/DsnInjection.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.qlref
+++ b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.qlref
@@ -1,2 +1,4 @@
 query: experimental/CWE-74/DsnInjectionLocal.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-807/SensitiveConditionBypass.qlref
+++ b/go/ql/test/experimental/CWE-807/SensitiveConditionBypass.qlref
@@ -1 +1,2 @@
-experimental/CWE-807/SensitiveConditionBypass.ql
+query: experimental/CWE-807/SensitiveConditionBypass.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-807/SensitiveConditionBypassBad.go
+++ b/go/ql/test/experimental/CWE-807/SensitiveConditionBypassBad.go
@@ -4,7 +4,7 @@ import "net/http"

 func example(w http.ResponseWriter, r *http.Request) {
 	test2 := "test"
-	if r.Header.Get("X-Password") != test2 {
+	if r.Header.Get("X-Password") != test2 { // $ Alert
 		login()
 	}
 }
--- a/go/ql/test/experimental/CWE-807/condition.go
+++ b/go/ql/test/experimental/CWE-807/condition.go
@@ -13,7 +13,7 @@ const test = "localhost"

 // Should alert as authkey is sensitive
 func ex1(w http.ResponseWriter, r *http.Request) {
-	if r.Header.Get("Origin") != test {
+	if r.Header.Get("Origin") != test { // $ Alert
 		authkey := "randomDatta"
 		io.WriteString(w, authkey)
 	}
@@ -22,7 +22,7 @@ func ex1(w http.ResponseWriter, r *http.Request) {
 // Should alert as authkey is sensitive
 func ex2(w http.ResponseWriter, r *http.Request) {
 	test2 := "test"
-	if r.Header.Get("Origin") != test2 {
+	if r.Header.Get("Origin") != test2 { // $ Alert
 		authkey := "randomDatta2"
 		io.WriteString(w, authkey)
 	}
@@ -31,7 +31,7 @@ func ex2(w http.ResponseWriter, r *http.Request) {
 // Should alert as login() is sensitive
 func ex3(w http.ResponseWriter, r *http.Request) {
 	test2 := "test"
-	if r.Header.Get("Origin") != test2 {
+	if r.Header.Get("Origin") != test2 { // $ Alert
 		login()
 	}
 }
--- a/go/ql/test/experimental/CWE-840/ConditionalBypass.qlref
+++ b/go/ql/test/experimental/CWE-840/ConditionalBypass.qlref
@@ -1 +1,2 @@
-experimental/CWE-840/ConditionalBypass.ql
+query: experimental/CWE-840/ConditionalBypass.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/CWE-840/ConditionalBypassBad.go
+++ b/go/ql/test/experimental/CWE-840/ConditionalBypassBad.go
@@ -6,7 +6,7 @@ import (

 func exampleHandlerBad(w http.ResponseWriter, r *http.Request) {
 	// BAD: the Origin and Host headers are user controlled
-	if r.Header.Get("Origin") != "http://"+r.Host {
+	if r.Header.Get("Origin") != "http://"+r.Host { // $ Alert
 		//do something
 	}
 }
--- a/go/ql/test/experimental/CWE-840/condition.go
+++ b/go/ql/test/experimental/CWE-840/condition.go
@@ -6,14 +6,14 @@ import (

 // BAD: taken from https://www.gorillatoolkit.org/pkg/websocket
 func ex1(w http.ResponseWriter, r *http.Request) {
-	if r.Header.Get("Origin") != "http://"+r.Host {
+	if r.Header.Get("Origin") != "http://"+r.Host { // $ Alert
 		//do something
 	}
 }

 // BAD: both operands are from remote sources
 func ex2(w http.ResponseWriter, r *http.Request) {
-	if r.Header.Get("Origin") != "http://"+r.Header.Get("Header") {
+	if r.Header.Get("Origin") != "http://"+r.Header.Get("Header") { // $ Alert
 		//do something
 	}
 }
--- a/go/ql/test/experimental/InconsistentCode/DeferInLoop.go
+++ b/go/ql/test/experimental/InconsistentCode/DeferInLoop.go
@@ -5,7 +5,7 @@ import "os"
 func openFiles(filenames []string) {
 	for _, filename := range filenames {
 		file, err := os.Open(filename)
-		defer file.Close()
+		defer file.Close() // $ Alert[go/examples/deferinloop]
 		if err != nil {
 			// handle error
 		}
--- a/go/ql/test/experimental/InconsistentCode/DeferInLoop.qlref
+++ b/go/ql/test/experimental/InconsistentCode/DeferInLoop.qlref
@@ -1 +1,2 @@
-experimental/InconsistentCode/DeferInLoop.ql
+query: experimental/InconsistentCode/DeferInLoop.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/InconsistentCode/GORMErrorNotChecked.go
+++ b/go/ql/test/experimental/InconsistentCode/GORMErrorNotChecked.go
@@ -4,6 +4,6 @@ import "gorm.io/gorm"

 func getUserId(db *gorm.DB, name string) int64 {
 	var user User
-	db.Where("name = ?", name).First(&user)
+	db.Where("name = ?", name).First(&user) // $ Alert[go/examples/gorm-error-not-checked]
 	return user.Id
 }
--- a/go/ql/test/experimental/InconsistentCode/GORMErrorNotChecked.qlref
+++ b/go/ql/test/experimental/InconsistentCode/GORMErrorNotChecked.qlref
@@ -1 +1,2 @@
-experimental/InconsistentCode/GORMErrorNotChecked.ql
+query: experimental/InconsistentCode/GORMErrorNotChecked.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/experimental/InconsistentCode/test.go
+++ b/go/ql/test/experimental/InconsistentCode/test.go
@@ -3,24 +3,24 @@ package main
 func test() {
 	var xs []int
 	for _ = range xs {
-		defer test() // not ok
+		defer test() // $ Alert[go/examples/deferinloop] // not ok
 	}

 	for _ = range xs {
 		if true {
-			defer test() // not ok
+			defer test() // $ Alert[go/examples/deferinloop] // not ok
 		}
 	}

 	for i := 0; i < 10; i++ {
-		defer test()
+		defer test() // $ Alert[go/examples/deferinloop]
 	}

 	for true {
-		defer test() // not ok
+		defer test() // $ Alert[go/examples/deferinloop] // not ok
 	}

 	for false {
-		defer test() // fine but caught
+		defer test() // $ Alert[go/examples/deferinloop] // fine but caught
 	}
 }
--- a/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected
+++ b/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected
@@ -1,3 +1,15 @@
+#select
+| WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | $@. | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | Dangerous array type casting to [8]uint8 from an index expression ([8]uint8)[2] (the destination type is 2 elements longer) |
+| WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | $@. | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | Dangerous array type casting to [17]uint8 from an index expression ([8]uint8)[0] (the destination type is 9 elements longer) |
+| WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | $@. | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | $@. | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | $@. | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | Dangerous array type casting to [17]string from [8]string |
+| WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | $@. | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | Dangerous type up-casting to [17]uint8 from struct type |
+| WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | $@. | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | $@. | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
+| WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | $@. | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | Dangerous array type casting to [4]int64 from [1]int64 |
+| WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | $@. | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | Dangerous numeric type casting to int64 from int8 |
+| WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | $@. | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | Dangerous numeric type casting to int from int8 |
 edges
 | WrongUsageOfUnsafe.go:17:24:17:48 | type conversion | WrongUsageOfUnsafe.go:17:13:17:49 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:34:24:34:51 | type conversion | WrongUsageOfUnsafe.go:34:13:34:52 | type conversion | provenance |  |
@@ -10,8 +22,8 @@ edges
 | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | provenance |  |
-| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | provenance |  |
-| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance |  |
+| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | provenance |  |
+| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | provenance |  |
 | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | provenance |  |
@@ -39,7 +51,7 @@ nodes
 | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | semmle.label | type conversion |
-| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | semmle.label | SSA def(req) |
+| WrongUsageOfUnsafe.go:236:21:236:23 | definition of req | semmle.label | definition of req |
 | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | semmle.label | type conversion |
@@ -48,15 +60,3 @@ nodes
 | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | semmle.label | type conversion |
 | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | semmle.label | type conversion |
 subpaths
-#select
-| WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | $@. | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | Dangerous array type casting to [8]uint8 from an index expression ([8]uint8)[2] (the destination type is 2 elements longer) |
-| WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | $@. | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | Dangerous array type casting to [17]uint8 from an index expression ([8]uint8)[0] (the destination type is 9 elements longer) |
-| WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | $@. | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | $@. | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | $@. | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | Dangerous array type casting to [17]string from [8]string |
-| WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | $@. | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | Dangerous type up-casting to [17]uint8 from struct type |
-| WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | $@. | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | $@. | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
-| WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | $@. | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | Dangerous array type casting to [4]int64 from [1]int64 |
-| WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | $@. | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | Dangerous numeric type casting to int64 from int8 |
-| WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | $@. | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | Dangerous numeric type casting to int from int8 |
--- a/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.go
+++ b/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.go
@@ -74,7 +74,7 @@ func badIndexExpr() {
 	// the address of the 3rd element of the `harmless` array,
 	// and continue for 8 bytes, going out of the boundaries of
 	// `harmless` and crossing into the memory occupied by `secret`.
-	var leaking = (*[8]byte)(unsafe.Pointer(&harmless[2])) // BAD
+	var leaking = (*[8]byte)(unsafe.Pointer(&harmless[2])) // $ Alert // BAD

 	fmt.Println(string((*leaking)[:]))

@@ -108,7 +108,7 @@ func bad0() {

 	// Read before secret, overflowing into secret
 	// (notice we get the pointer to the first byte of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless[0])) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless[0])) // $ Alert // BAD

 	fmt.Println(string((*leaking)[:]))

@@ -126,7 +126,7 @@ func bad1() {

 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // $ Alert // BAD

 	fmt.Println(string((*leaking)[:]))

@@ -146,7 +146,7 @@ func bad2() {

 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // $ Alert // BAD

 	fmt.Println(string((*leaking)[:]))

@@ -163,7 +163,7 @@ func bad3() {

 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]string)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[8 + 9]string)(unsafe.Pointer(&harmless)) // $ Alert // BAD

 	fmt.Println(*leaking)
 	fmt.Println([17]string((*leaking)))
@@ -186,7 +186,7 @@ func bad4() {

 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless)) // $ Alert // BAD

 	fmt.Println(string((*leaking)[:]))

@@ -208,7 +208,7 @@ func bad5() {

 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless)
-	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless.Data)) // BAD
+	var leaking = (*[8 + 9]byte)(unsafe.Pointer(&harmless.Data)) // $ Alert // BAD

 	fmt.Println(string(leaking[:]))

@@ -224,7 +224,7 @@ func bad6() {
 	secret := [9]byte{'s', 'e', 'n', 's', 'i', 't', 'i', 'v', 'e'}

 	// Read before secret:
-	var leaking = buffer_request(unsafe.Pointer(&harmless)) // BAD (see inside buffer_request func)
+	var leaking = buffer_request(unsafe.Pointer(&harmless)) // $ Source // BAD (see inside buffer_request func)

 	fmt.Println((string)(leaking[:]))

@@ -240,7 +240,7 @@ func buffer_request(req unsafe.Pointer) [8 + 9]byte {
 	// will be read, the read will also contain pieces of
 	// data from `secret`.
 	var buf [8 + 9]byte
-	buf = *(*[8 + 9]byte)(req) // BAD (from above func)
+	buf = *(*[8 + 9]byte)(req) // $ Alert // BAD (from above func)
 	return buf
 }
 func bad7() {
@@ -253,7 +253,7 @@ func bad7() {
 	// (notice we read more than the length of harmless);
 	// the leaking array will not contain letters,
 	// but integers representing bytes from `secret`.
-	var leaking = (*[4]int64)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*[4]int64)(unsafe.Pointer(&harmless)) // $ Alert // BAD

 	fmt.Println(*leaking)

@@ -271,7 +271,7 @@ func bad8() {
 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless);
 	// the leaking data will contain some bits from `secret`.
-	var leaking = (*int64)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*int64)(unsafe.Pointer(&harmless)) // $ Alert // BAD

 	fmt.Println(*leaking)

@@ -289,7 +289,7 @@ func bad9() {
 	// Read before secret, overflowing into secret
 	// (notice we read more than the length of harmless);
 	// the leaking data will contain some bits from `secret`.
-	var leaking = (*int)(unsafe.Pointer(&harmless)) // BAD
+	var leaking = (*int)(unsafe.Pointer(&harmless)) // $ Alert // BAD

 	fmt.Println(*leaking)

--- a/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.qlref
+++ b/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.qlref
@@ -1 +1,2 @@
-experimental/Unsafe/WrongUsageOfUnsafe.ql
+query: experimental/Unsafe/WrongUsageOfUnsafe.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/concepts/Regexp/RegexpPattern.expected
+++ b/go/ql/test/library-tests/semmle/go/concepts/Regexp/RegexpPattern.expected
@@ -3,7 +3,7 @@
 | stdlib.go:13:21:13:24 | "ab" | ab | stdlib.go:13:21:13:24 | "ab" |
 | stdlib.go:15:26:15:39 | "[so]me\|regex" | [so]me\|regex | stdlib.go:15:2:15:40 | ... := ...[0] |
 | stdlib.go:15:26:15:39 | "[so]me\|regex" | [so]me\|regex | stdlib.go:15:26:15:39 | "[so]me\|regex" |
-| stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:3 | SSA def(re) |
+| stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:3 | definition of re |
 | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:2:16:38 | ... = ...[0] |
 | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:16:30:16:37 | "posix?" |
 | stdlib.go:16:30:16:37 | "posix?" | posix? | stdlib.go:17:2:17:3 | re |
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected
@@ -22,4 +22,4 @@ invalidModelRow
 | test.go:187:24:187:31 | call to Src1 | qltest |
 | test.go:191:24:191:31 | call to Src1 | qltest |
 | test.go:201:10:201:28 | selection of SourceVariable | qltest |
-| test.go:208:15:208:17 | SSA def(src) | qltest |
+| test.go:208:15:208:17 | definition of src | qltest |
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected
@@ -22,4 +22,4 @@ invalidModelRow
 | test.go:187:24:187:31 | call to Src1 | qltest |
 | test.go:191:24:191:31 | call to Src1 | qltest |
 | test.go:209:10:209:28 | selection of SourceVariable | qltest |
-| test.go:216:15:216:17 | SSA def(src) | qltest |
+| test.go:216:15:216:17 | definition of src | qltest |
--- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected
@@ -1,169 +1,169 @@
-| main.go:3:12:3:12 | SSA def(x) | main.go:5:5:5:5 | x |
-| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | SSA def(x) |
-| main.go:3:19:3:20 | SSA def(fn) | main.go:10:24:10:25 | fn |
-| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | SSA def(fn) |
+| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | definition of x |
+| main.go:3:12:3:12 | definition of x | main.go:5:5:5:5 | x |
+| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | definition of fn |
+| main.go:3:19:3:20 | definition of fn | main.go:10:24:10:25 | fn |
 | main.go:5:5:5:5 | x | main.go:6:7:6:7 | x |
 | main.go:5:5:5:5 | x | main.go:8:8:8:8 | x |
-| main.go:6:3:6:3 | SSA def(y) | main.go:10:12:10:12 | y |
-| main.go:6:7:6:7 | x | main.go:6:3:6:3 | SSA def(y) |
+| main.go:6:3:6:3 | definition of y | main.go:10:12:10:12 | y |
+| main.go:6:7:6:7 | x | main.go:6:3:6:3 | definition of y |
 | main.go:6:7:6:7 | x | main.go:10:7:10:7 | x |
-| main.go:8:3:8:3 | SSA def(y) | main.go:10:12:10:12 | y |
-| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | SSA def(y) |
+| main.go:8:3:8:3 | definition of y | main.go:10:12:10:12 | y |
+| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | definition of y |
 | main.go:8:8:8:8 | x | main.go:10:7:10:7 | x |
-| main.go:10:2:10:2 | SSA def(z) | main.go:11:14:11:14 | z |
+| main.go:10:2:10:2 | definition of z | main.go:11:14:11:14 | z |
 | main.go:10:7:10:7 | x | main.go:10:22:10:22 | x |
 | main.go:10:7:10:12 | ...<=... | main.go:10:7:10:27 | ...&&... |
-| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | SSA def(z) |
+| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | definition of z |
 | main.go:10:12:10:12 | y | main.go:10:17:10:17 | y |
 | main.go:10:17:10:27 | ...>=... | main.go:10:7:10:27 | ...&&... |
 | main.go:11:14:11:14 | z | main.go:11:9:11:15 | type conversion |
-| main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | SSA def(acc) |
-| main.go:16:9:19:2 | SSA def(acc) | main.go:17:3:17:5 | acc |
-| main.go:17:3:17:7 | SSA def(acc) | main.go:18:10:18:12 | acc |
-| main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | SSA def(acc) |
-| main.go:22:12:22:12 | SSA def(b) | main.go:23:5:23:5 | b |
-| main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | SSA def(b) |
-| main.go:22:20:22:20 | SSA def(x) | main.go:24:10:24:10 | x |
-| main.go:22:20:22:20 | SSA def(x) | main.go:26:11:26:11 | x |
-| main.go:22:20:22:20 | argument corresponding to x | main.go:22:20:22:20 | SSA def(x) |
+| main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | definition of acc |
+| main.go:16:9:19:2 | capture variable acc | main.go:17:3:17:5 | acc |
+| main.go:17:3:17:7 | definition of acc | main.go:18:10:18:12 | acc |
+| main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | definition of acc |
+| main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | definition of b |
+| main.go:22:12:22:12 | definition of b | main.go:23:5:23:5 | b |
+| main.go:22:20:22:20 | argument corresponding to x | main.go:22:20:22:20 | definition of x |
+| main.go:22:20:22:20 | definition of x | main.go:24:10:24:10 | x |
+| main.go:22:20:22:20 | definition of x | main.go:26:11:26:11 | x |
 | main.go:24:10:24:10 | x | main.go:24:10:24:19 | type assertion |
-| main.go:26:2:26:2 | SSA def(n) | main.go:27:11:27:11 | n |
-| main.go:26:2:26:17 | ... := ...[0] | main.go:26:2:26:2 | SSA def(n) |
-| main.go:26:2:26:17 | ... := ...[1] | main.go:26:5:26:6 | SSA def(ok) |
-| main.go:26:5:26:6 | SSA def(ok) | main.go:27:5:27:6 | ok |
+| main.go:26:2:26:2 | definition of n | main.go:27:11:27:11 | n |
+| main.go:26:2:26:17 | ... := ...[0] | main.go:26:2:26:2 | definition of n |
+| main.go:26:2:26:17 | ... := ...[1] | main.go:26:5:26:6 | definition of ok |
+| main.go:26:5:26:6 | definition of ok | main.go:27:5:27:6 | ok |
 | main.go:26:11:26:11 | x | main.go:26:2:26:17 | ... := ...[0] |
-| main.go:38:2:38:2 | SSA def(s) | main.go:39:15:39:15 | s |
-| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | SSA def(s) |
-| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | SSA def(s) |
-| main.go:39:2:39:3 | SSA def(s1) | main.go:40:18:40:19 | s1 |
-| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | SSA def(s1) |
+| main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s |
+| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s |
+| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | definition of s |
+| main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 |
+| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 |
 | main.go:39:15:39:15 | s | main.go:40:15:40:15 | s |
 | main.go:39:15:39:15 | s [postupdate] | main.go:40:15:40:15 | s |
-| main.go:40:2:40:3 | SSA def(s2) | main.go:43:9:43:10 | s2 |
-| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | SSA def(s2) |
+| main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 |
+| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | definition of s2 |
 | main.go:40:15:40:15 | s | main.go:42:7:42:7 | s |
 | main.go:40:15:40:15 | s [postupdate] | main.go:42:7:42:7 | s |
-| main.go:41:2:41:3 | SSA def(s4) | main.go:42:10:42:11 | s4 |
-| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | SSA def(s4) |
-| main.go:46:13:46:14 | SSA def(xs) | main.go:47:20:47:21 | xs |
-| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | SSA def(xs) |
-| main.go:46:24:46:27 | SSA def(keys) | main.go:46:24:46:27 | implicit read of keys |
-| main.go:46:24:46:27 | SSA def(keys) | main.go:49:3:49:6 | keys |
-| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | SSA def(keys) |
-| main.go:46:34:46:37 | SSA def(vals) | main.go:46:34:46:37 | implicit read of vals |
-| main.go:46:34:46:37 | SSA def(vals) | main.go:48:3:48:6 | vals |
-| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | SSA def(vals) |
-| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | SSA def(k) |
-| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | SSA def(v) |
-| main.go:47:6:47:6 | SSA def(k) | main.go:49:11:49:11 | k |
-| main.go:47:9:47:9 | SSA def(v) | main.go:48:11:48:11 | v |
-| main.go:48:3:48:6 | SSA def(vals) | main.go:46:34:46:37 | implicit read of vals |
-| main.go:48:3:48:6 | SSA def(vals) | main.go:48:3:48:6 | vals |
-| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | SSA def(vals) |
-| main.go:49:3:49:6 | SSA def(keys) | main.go:46:24:46:27 | implicit read of keys |
-| main.go:49:3:49:6 | SSA def(keys) | main.go:49:3:49:6 | keys |
-| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | SSA def(keys) |
-| main.go:55:6:55:7 | SSA def(ch) | main.go:56:2:56:3 | ch |
-| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | SSA def(ch) |
+| main.go:41:2:41:3 | definition of s4 | main.go:42:10:42:11 | s4 |
+| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | definition of s4 |
+| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | definition of xs |
+| main.go:46:13:46:14 | definition of xs | main.go:47:20:47:21 | xs |
+| main.go:46:24:46:27 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
+| main.go:46:24:46:27 | definition of keys | main.go:49:3:49:6 | keys |
+| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | definition of keys |
+| main.go:46:34:46:37 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
+| main.go:46:34:46:37 | definition of vals | main.go:48:3:48:6 | vals |
+| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | definition of vals |
+| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | definition of k |
+| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | definition of v |
+| main.go:47:6:47:6 | definition of k | main.go:49:11:49:11 | k |
+| main.go:47:9:47:9 | definition of v | main.go:48:11:48:11 | v |
+| main.go:48:3:48:6 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
+| main.go:48:3:48:6 | definition of vals | main.go:48:3:48:6 | vals |
+| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | definition of vals |
+| main.go:49:3:49:6 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
+| main.go:49:3:49:6 | definition of keys | main.go:49:3:49:6 | keys |
+| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | definition of keys |
+| main.go:55:6:55:7 | definition of ch | main.go:56:2:56:3 | ch |
+| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | definition of ch |
 | main.go:56:2:56:3 | ch | main.go:57:4:57:5 | ch |
 | main.go:56:2:56:3 | ch [postupdate] | main.go:57:4:57:5 | ch |
-| main.go:61:2:61:2 | SSA def(x) | main.go:64:11:64:11 | x |
-| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | SSA def(x) |
-| main.go:62:2:62:2 | SSA def(y) | main.go:64:14:64:14 | y |
-| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | SSA def(y) |
-| main.go:63:2:63:2 | SSA def(z) | main.go:64:17:64:17 | z |
-| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | SSA def(z) |
-| main.go:64:2:64:2 | SSA def(a) | main.go:66:9:66:9 | a |
-| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | SSA def(a) |
+| main.go:61:2:61:2 | definition of x | main.go:64:11:64:11 | x |
+| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | definition of x |
+| main.go:62:2:62:2 | definition of y | main.go:64:14:64:14 | y |
+| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | definition of y |
+| main.go:63:2:63:2 | definition of z | main.go:64:17:64:17 | z |
+| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | definition of z |
+| main.go:64:2:64:2 | definition of a | main.go:66:9:66:9 | a |
+| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a |
 | main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min |
 | main.go:64:11:64:11 | x | main.go:65:11:65:11 | x |
 | main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min |
 | main.go:64:14:64:14 | y | main.go:65:14:65:14 | y |
 | main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min |
 | main.go:64:17:64:17 | z | main.go:65:17:65:17 | z |
-| main.go:65:2:65:2 | SSA def(b) | main.go:66:12:66:12 | b |
-| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | SSA def(b) |
+| main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b |
+| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b |
 | main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max |
 | main.go:65:14:65:14 | y | main.go:65:7:65:18 | call to max |
 | main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max |
-| strings.go:8:12:8:12 | SSA def(s) | strings.go:9:24:9:24 | s |
-| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | SSA def(s) |
-| strings.go:9:2:9:3 | SSA def(s2) | strings.go:11:20:11:21 | s2 |
-| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | SSA def(s2) |
+| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s |
+| strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s |
+| strings.go:9:2:9:3 | definition of s2 | strings.go:11:20:11:21 | s2 |
+| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | definition of s2 |
 | strings.go:9:24:9:24 | s | strings.go:10:27:10:27 | s |
-| strings.go:10:2:10:3 | SSA def(s3) | strings.go:11:24:11:25 | s3 |
-| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | SSA def(s3) |
+| strings.go:10:2:10:3 | definition of s3 | strings.go:11:24:11:25 | s3 |
+| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | definition of s3 |
 | strings.go:11:20:11:21 | s2 | strings.go:11:48:11:49 | s2 |
 | strings.go:11:24:11:25 | s3 | strings.go:11:67:11:68 | s3 |
-| url.go:8:12:8:12 | SSA def(b) | url.go:11:5:11:5 | b |
-| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | SSA def(b) |
-| url.go:8:20:8:20 | SSA def(s) | url.go:12:46:12:46 | s |
-| url.go:8:20:8:20 | SSA def(s) | url.go:14:48:14:48 | s |
-| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | SSA def(s) |
-| url.go:12:3:12:5 | SSA def(res) | url.go:19:9:19:11 | res |
-| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | SSA def(res) |
-| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | SSA def(err) |
-| url.go:12:8:12:10 | SSA def(err) | url.go:16:5:16:7 | err |
-| url.go:14:3:14:5 | SSA def(res) | url.go:19:9:19:11 | res |
-| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | SSA def(res) |
-| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | SSA def(err) |
-| url.go:14:8:14:10 | SSA def(err) | url.go:16:5:16:7 | err |
-| url.go:22:12:22:12 | SSA def(i) | url.go:24:5:24:5 | i |
-| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | SSA def(i) |
-| url.go:22:19:22:19 | SSA def(s) | url.go:23:20:23:20 | s |
-| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | SSA def(s) |
-| url.go:23:2:23:2 | SSA def(u) | url.go:25:10:25:10 | u |
-| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | SSA def(u) |
+| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | definition of b |
+| url.go:8:12:8:12 | definition of b | url.go:11:5:11:5 | b |
+| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | definition of s |
+| url.go:8:20:8:20 | definition of s | url.go:12:46:12:46 | s |
+| url.go:8:20:8:20 | definition of s | url.go:14:48:14:48 | s |
+| url.go:12:3:12:5 | definition of res | url.go:19:9:19:11 | res |
+| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | definition of res |
+| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | definition of err |
+| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err |
+| url.go:14:3:14:5 | definition of res | url.go:19:9:19:11 | res |
+| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | definition of res |
+| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | definition of err |
+| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err |
+| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | definition of i |
+| url.go:22:12:22:12 | definition of i | url.go:24:5:24:5 | i |
+| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | definition of s |
+| url.go:22:19:22:19 | definition of s | url.go:23:20:23:20 | s |
+| url.go:23:2:23:2 | definition of u | url.go:25:10:25:10 | u |
+| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | definition of u |
 | url.go:23:20:23:20 | s | url.go:27:29:27:29 | s |
-| url.go:27:2:27:2 | SSA def(u) | url.go:28:14:28:14 | u |
-| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | SSA def(u) |
+| url.go:27:2:27:2 | definition of u | url.go:28:14:28:14 | u |
+| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | definition of u |
 | url.go:28:14:28:14 | u | url.go:29:14:29:14 | u |
 | url.go:28:14:28:14 | u [postupdate] | url.go:29:14:29:14 | u |
 | url.go:29:14:29:14 | u | url.go:30:11:30:11 | u |
 | url.go:29:14:29:14 | u [postupdate] | url.go:30:11:30:11 | u |
-| url.go:30:2:30:3 | SSA def(bs) | url.go:31:14:31:15 | bs |
-| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | SSA def(bs) |
+| url.go:30:2:30:3 | definition of bs | url.go:31:14:31:15 | bs |
+| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | definition of bs |
 | url.go:30:11:30:11 | u | url.go:32:9:32:9 | u |
 | url.go:30:11:30:11 | u [postupdate] | url.go:32:9:32:9 | u |
-| url.go:32:2:32:2 | SSA def(u) | url.go:33:14:33:14 | u |
-| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | SSA def(u) |
+| url.go:32:2:32:2 | definition of u | url.go:33:14:33:14 | u |
+| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | definition of u |
 | url.go:33:14:33:14 | u | url.go:34:14:34:14 | u |
 | url.go:33:14:33:14 | u [postupdate] | url.go:34:14:34:14 | u |
 | url.go:34:14:34:14 | u | url.go:35:14:35:14 | u |
 | url.go:34:14:34:14 | u [postupdate] | url.go:35:14:35:14 | u |
 | url.go:35:14:35:14 | u | url.go:36:6:36:6 | u |
 | url.go:35:14:35:14 | u [postupdate] | url.go:36:6:36:6 | u |
-| url.go:36:2:36:2 | SSA def(u) | url.go:37:9:37:9 | u |
+| url.go:36:2:36:2 | definition of u | url.go:37:9:37:9 | u |
 | url.go:36:6:36:6 | u | url.go:36:25:36:25 | u |
 | url.go:36:6:36:6 | u [postupdate] | url.go:36:25:36:25 | u |
-| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | SSA def(u) |
-| url.go:42:2:42:3 | SSA def(ui) | url.go:43:11:43:12 | ui |
-| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | SSA def(ui) |
-| url.go:43:2:43:3 | SSA def(pw) | url.go:44:14:44:15 | pw |
-| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | SSA def(pw) |
+| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | definition of u |
+| url.go:42:2:42:3 | definition of ui | url.go:43:11:43:12 | ui |
+| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | definition of ui |
+| url.go:43:2:43:3 | definition of pw | url.go:44:14:44:15 | pw |
+| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | definition of pw |
 | url.go:43:11:43:12 | ui | url.go:45:14:45:15 | ui |
 | url.go:43:11:43:12 | ui [postupdate] | url.go:45:14:45:15 | ui |
 | url.go:45:14:45:15 | ui | url.go:46:9:46:10 | ui |
 | url.go:45:14:45:15 | ui [postupdate] | url.go:46:9:46:10 | ui |
-| url.go:49:12:49:12 | SSA def(q) | url.go:50:25:50:25 | q |
-| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | SSA def(q) |
-| url.go:50:2:50:2 | SSA def(v) | url.go:51:14:51:14 | v |
-| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | SSA def(v) |
+| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | definition of q |
+| url.go:49:12:49:12 | definition of q | url.go:50:25:50:25 | q |
+| url.go:50:2:50:2 | definition of v | url.go:51:14:51:14 | v |
+| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v |
 | url.go:51:14:51:14 | v | url.go:52:14:52:14 | v |
 | url.go:51:14:51:14 | v [postupdate] | url.go:52:14:52:14 | v |
 | url.go:52:14:52:14 | v | url.go:53:9:53:9 | v |
 | url.go:52:14:52:14 | v [postupdate] | url.go:53:9:53:9 | v |
-| url.go:56:12:56:12 | SSA def(q) | url.go:57:29:57:29 | q |
-| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | SSA def(q) |
-| url.go:57:2:57:8 | SSA def(joined1) | url.go:58:38:58:44 | joined1 |
-| url.go:57:2:57:39 | ... := ...[0] | url.go:57:2:57:8 | SSA def(joined1) |
-| url.go:58:2:58:8 | SSA def(joined2) | url.go:59:24:59:30 | joined2 |
-| url.go:58:2:58:45 | ... := ...[0] | url.go:58:2:58:8 | SSA def(joined2) |
-| url.go:59:2:59:6 | SSA def(asUrl) | url.go:60:15:60:19 | asUrl |
-| url.go:59:2:59:31 | ... := ...[0] | url.go:59:2:59:6 | SSA def(asUrl) |
-| url.go:60:2:60:10 | SSA def(joinedUrl) | url.go:61:9:61:17 | joinedUrl |
-| url.go:60:15:60:37 | call to JoinPath | url.go:60:2:60:10 | SSA def(joinedUrl) |
-| url.go:64:13:64:13 | SSA def(q) | url.go:66:27:66:27 | q |
-| url.go:64:13:64:13 | argument corresponding to q | url.go:64:13:64:13 | SSA def(q) |
-| url.go:65:2:65:9 | SSA def(cleanUrl) | url.go:66:9:66:16 | cleanUrl |
-| url.go:65:2:65:48 | ... := ...[0] | url.go:65:2:65:9 | SSA def(cleanUrl) |
+| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q |
+| url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q |
+| url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 |
+| url.go:57:2:57:39 | ... := ...[0] | url.go:57:2:57:8 | definition of joined1 |
+| url.go:58:2:58:8 | definition of joined2 | url.go:59:24:59:30 | joined2 |
+| url.go:58:2:58:45 | ... := ...[0] | url.go:58:2:58:8 | definition of joined2 |
+| url.go:59:2:59:6 | definition of asUrl | url.go:60:15:60:19 | asUrl |
+| url.go:59:2:59:31 | ... := ...[0] | url.go:59:2:59:6 | definition of asUrl |
+| url.go:60:2:60:10 | definition of joinedUrl | url.go:61:9:61:17 | joinedUrl |
+| url.go:60:15:60:37 | call to JoinPath | url.go:60:2:60:10 | definition of joinedUrl |
+| url.go:64:13:64:13 | argument corresponding to q | url.go:64:13:64:13 | definition of q |
+| url.go:64:13:64:13 | definition of q | url.go:66:27:66:27 | q |
+| url.go:65:2:65:9 | definition of cleanUrl | url.go:66:9:66:16 | cleanUrl |
+| url.go:65:2:65:48 | ... := ...[0] | url.go:65:2:65:9 | definition of cleanUrl |
--- a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected
@@ -25,15 +25,15 @@
 | result | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
 | result | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |
 | result | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder |
-| result | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | SSA def(err) |
-| result | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | SSA def(bytesBuffer) |
+| result | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | definition of err |
+| result | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer |
 | result 0 | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op |
 | result 0 | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
 | result 0 | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |
-| result 0 | main.go:54:10:54:15 | call to test | main.go:54:2:54:2 | SSA def(x) |
-| result 0 | main.go:56:9:56:15 | call to test2 | main.go:56:2:56:2 | SSA def(x) |
+| result 0 | main.go:54:10:54:15 | call to test | main.go:54:2:54:2 | definition of x |
+| result 0 | main.go:56:9:56:15 | call to test2 | main.go:56:2:56:2 | definition of x |
 | result 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder |
-| result 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | SSA def(err) |
-| result 0 | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | SSA def(bytesBuffer) |
-| result 1 | main.go:54:10:54:15 | call to test | main.go:54:5:54:5 | SSA def(y) |
-| result 1 | main.go:56:9:56:15 | call to test2 | main.go:56:5:56:5 | SSA def(y) |
+| result 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:2:10:4 | definition of err |
+| result 0 | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer |
+| result 1 | main.go:54:10:54:15 | call to test | main.go:54:5:54:5 | definition of y |
+| result 1 | main.go:56:9:56:15 | call to test2 | main.go:56:5:56:5 | definition of y |
--- a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getExitNode.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getExitNode.expected
@@ -1,14 +1,14 @@
-| parameter 0 | main.go:5:1:11:1 | function declaration | main.go:5:9:5:10 | SSA def(op) |
-| parameter 0 | main.go:13:1:20:1 | function declaration | main.go:13:10:13:11 | SSA def(op) |
-| parameter 0 | main.go:40:1:48:1 | function declaration | main.go:40:12:40:12 | SSA def(b) |
-| parameter 0 | reset.go:8:1:16:1 | function declaration | reset.go:8:27:8:27 | SSA def(r) |
-| parameter 0 | tst2.go:8:1:12:1 | function declaration | tst2.go:8:12:8:15 | SSA def(data) |
-| parameter 0 | tst.go:8:1:11:1 | function declaration | tst.go:8:12:8:17 | SSA def(reader) |
+| parameter 0 | main.go:5:1:11:1 | function declaration | main.go:5:9:5:10 | definition of op |
+| parameter 0 | main.go:13:1:20:1 | function declaration | main.go:13:10:13:11 | definition of op |
+| parameter 0 | main.go:40:1:48:1 | function declaration | main.go:40:12:40:12 | definition of b |
+| parameter 0 | reset.go:8:1:16:1 | function declaration | reset.go:8:27:8:27 | definition of r |
+| parameter 0 | tst2.go:8:1:12:1 | function declaration | tst2.go:8:12:8:15 | definition of data |
+| parameter 0 | tst.go:8:1:11:1 | function declaration | tst.go:8:12:8:17 | definition of reader |
 | parameter 0 | tst.go:13:1:13:25 | function declaration | tst.go:13:12:13:13 | initialization of xs |
-| parameter 0 | tst.go:15:1:19:1 | function declaration | tst.go:15:12:15:12 | SSA def(x) |
-| parameter 1 | main.go:5:1:11:1 | function declaration | main.go:5:20:5:20 | SSA def(x) |
-| parameter 1 | main.go:13:1:20:1 | function declaration | main.go:13:21:13:21 | SSA def(x) |
-| parameter 1 | tst.go:15:1:19:1 | function declaration | tst.go:15:15:15:15 | SSA def(y) |
-| parameter 2 | main.go:5:1:11:1 | function declaration | main.go:5:27:5:27 | SSA def(y) |
-| parameter 2 | main.go:13:1:20:1 | function declaration | main.go:13:28:13:28 | SSA def(y) |
-| receiver | main.go:26:1:29:1 | function declaration | main.go:26:7:26:7 | SSA def(c) |
+| parameter 0 | tst.go:15:1:19:1 | function declaration | tst.go:15:12:15:12 | definition of x |
+| parameter 1 | main.go:5:1:11:1 | function declaration | main.go:5:20:5:20 | definition of x |
+| parameter 1 | main.go:13:1:20:1 | function declaration | main.go:13:21:13:21 | definition of x |
+| parameter 1 | tst.go:15:1:19:1 | function declaration | tst.go:15:15:15:15 | definition of y |
+| parameter 2 | main.go:5:1:11:1 | function declaration | main.go:5:27:5:27 | definition of y |
+| parameter 2 | main.go:13:1:20:1 | function declaration | main.go:13:28:13:28 | definition of y |
+| receiver | main.go:26:1:29:1 | function declaration | main.go:26:7:26:7 | definition of c |
--- a/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/GlobalValueNumber.expected
@@ -1,18 +1,18 @@
 | main.go:6:2:6:5 | 1 | main.go:14:7:14:7 | 1 |
-| main.go:10:2:10:2 | SSA def(x) | main.go:10:7:10:7 | 0 |
+| main.go:10:2:10:2 | definition of x | main.go:10:7:10:7 | 0 |
 | main.go:10:7:10:7 | 0 | main.go:10:7:10:7 | 0 |
-| main.go:11:6:11:6 | SSA def(y) | main.go:10:7:10:7 | 0 |
+| main.go:11:6:11:6 | definition of y | main.go:10:7:10:7 | 0 |
 | main.go:11:6:11:6 | zero value for y | main.go:10:7:10:7 | 0 |
 | main.go:12:2:12:18 | call to Println | main.go:12:2:12:18 | call to Println |
 | main.go:12:14:12:14 | x | main.go:10:7:10:7 | 0 |
 | main.go:12:17:12:17 | y | main.go:10:7:10:7 | 0 |
-| main.go:14:2:14:2 | SSA def(z) | main.go:14:7:14:7 | 1 |
+| main.go:14:2:14:2 | definition of z | main.go:14:7:14:7 | 1 |
 | main.go:14:7:14:7 | 1 | main.go:14:7:14:7 | 1 |
 | main.go:15:2:15:9 | call to bump | main.go:15:2:15:9 | call to bump |
 | main.go:16:2:16:21 | call to Println | main.go:16:2:16:21 | call to Println |
 | main.go:16:14:16:14 | x | main.go:10:7:10:7 | 0 |
 | main.go:16:17:16:17 | y | main.go:10:7:10:7 | 0 |
-| main.go:18:2:18:3 | SSA def(ss) | main.go:18:8:18:24 | call to make |
+| main.go:18:2:18:3 | definition of ss | main.go:18:8:18:24 | call to make |
 | main.go:18:8:18:24 | call to make | main.go:18:8:18:24 | call to make |
 | main.go:18:23:18:23 | 3 | main.go:18:23:18:23 | 3 |
 | main.go:19:5:19:5 | 2 | main.go:19:5:19:5 | 2 |
@@ -20,20 +20,22 @@
 | main.go:20:2:20:16 | call to Println | main.go:20:2:20:16 | call to Println |
 | main.go:23:14:23:16 | implicit read of res | main.go:24:8:24:8 | 4 |
 | main.go:23:14:23:16 | zero value for res | main.go:10:7:10:7 | 0 |
-| main.go:24:2:24:4 | SSA def(res) | main.go:24:8:24:8 | 4 |
+| main.go:24:2:24:4 | definition of res | main.go:24:8:24:8 | 4 |
 | main.go:24:8:24:8 | 4 | main.go:24:8:24:8 | 4 |
 | main.go:28:15:28:17 | implicit read of res | main.go:30:9:30:9 | 6 |
 | main.go:28:15:28:17 | zero value for res | main.go:10:7:10:7 | 0 |
 | main.go:29:8:29:8 | 5 | main.go:29:8:29:8 | 5 |
 | main.go:30:9:30:9 | 6 | main.go:30:9:30:9 | 6 |
-| main.go:30:9:30:9 | SSA def(res) | main.go:30:9:30:9 | 6 |
+| main.go:30:9:30:9 | definition of res | main.go:30:9:30:9 | 6 |
+| main.go:33:15:33:17 | definition of res | main.go:10:7:10:7 | 0 |
 | main.go:33:15:33:17 | zero value for res | main.go:10:7:10:7 | 0 |
+| main.go:34:2:34:4 | definition of res | main.go:34:8:34:8 | 7 |
 | main.go:34:8:34:8 | 7 | main.go:34:8:34:8 | 7 |
 | main.go:35:8:37:4 | function call | main.go:35:8:37:4 | function call |
-| main.go:36:3:36:5 | SSA def(res) | main.go:36:9:36:9 | 8 |
+| main.go:36:3:36:5 | definition of res | main.go:36:9:36:9 | 8 |
 | main.go:36:9:36:9 | 8 | main.go:36:9:36:9 | 8 |
 | main.go:38:9:38:9 | 9 | main.go:38:9:38:9 | 9 |
-| main.go:38:9:38:9 | SSA def(res) | main.go:38:9:38:9 | 9 |
+| main.go:38:9:38:9 | definition of res | main.go:38:9:38:9 | 9 |
 | regressions.go:5:11:5:31 | call to Sizeof | regressions.go:5:11:5:31 | call to Sizeof |
 | regressions.go:7:11:7:15 | false | regressions.go:7:11:7:15 | false |
 | regressions.go:9:11:9:12 | !... | regressions.go:11:11:11:14 | true |
--- a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected
@@ -1,132 +1,132 @@
-| main.go:22:2:22:6 | SSA def(outer) | main.go:25:7:25:11 | outer |
-| main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | SSA def(outer) |
-| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | SSA def(outer) |
+| main.go:22:2:22:6 | definition of outer | main.go:25:7:25:11 | outer |
+| main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | definition of outer |
+| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | definition of outer |
 | main.go:25:7:25:11 | outer | main.go:26:7:26:11 | outer |
 | main.go:26:7:26:11 | outer | main.go:27:7:27:11 | outer |
 | main.go:27:7:27:11 | outer | main.go:28:7:28:11 | outer |
-| main.go:30:2:30:7 | SSA def(outerp) | main.go:33:7:33:12 | outerp |
-| main.go:30:12:32:2 | &... | main.go:30:2:30:7 | SSA def(outerp) |
-| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | SSA def(outerp) |
+| main.go:30:2:30:7 | definition of outerp | main.go:33:7:33:12 | outerp |
+| main.go:30:12:32:2 | &... | main.go:30:2:30:7 | definition of outerp |
+| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | definition of outerp |
 | main.go:33:7:33:12 | outerp | main.go:34:7:34:12 | outerp |
 | main.go:33:7:33:12 | outerp [postupdate] | main.go:34:7:34:12 | outerp |
 | main.go:34:7:34:12 | outerp | main.go:35:7:35:12 | outerp |
 | main.go:34:7:34:12 | outerp [postupdate] | main.go:35:7:35:12 | outerp |
 | main.go:35:7:35:12 | outerp | main.go:36:7:36:12 | outerp |
 | main.go:35:7:35:12 | outerp [postupdate] | main.go:36:7:36:12 | outerp |
-| main.go:40:2:40:6 | SSA def(outer) | main.go:41:7:41:11 | outer |
-| main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | SSA def(outer) |
-| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | SSA def(outer) |
+| main.go:40:2:40:6 | definition of outer | main.go:41:7:41:11 | outer |
+| main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | definition of outer |
+| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | definition of outer |
 | main.go:41:7:41:11 | outer | main.go:42:7:42:11 | outer |
 | main.go:42:7:42:11 | outer | main.go:43:7:43:11 | outer |
 | main.go:43:7:43:11 | outer | main.go:44:7:44:11 | outer |
-| main.go:46:2:46:7 | SSA def(outerp) | main.go:47:7:47:12 | outerp |
-| main.go:46:12:46:42 | &... | main.go:46:2:46:7 | SSA def(outerp) |
-| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | SSA def(outerp) |
+| main.go:46:2:46:7 | definition of outerp | main.go:47:7:47:12 | outerp |
+| main.go:46:12:46:42 | &... | main.go:46:2:46:7 | definition of outerp |
+| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | definition of outerp |
 | main.go:47:7:47:12 | outerp | main.go:48:7:48:12 | outerp |
 | main.go:47:7:47:12 | outerp [postupdate] | main.go:48:7:48:12 | outerp |
 | main.go:48:7:48:12 | outerp | main.go:49:7:49:12 | outerp |
 | main.go:48:7:48:12 | outerp [postupdate] | main.go:49:7:49:12 | outerp |
 | main.go:49:7:49:12 | outerp | main.go:50:7:50:12 | outerp |
 | main.go:49:7:49:12 | outerp [postupdate] | main.go:50:7:50:12 | outerp |
-| main.go:54:2:54:6 | SSA def(inner) | main.go:55:19:55:23 | inner |
-| main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | SSA def(inner) |
-| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | SSA def(inner) |
-| main.go:55:2:55:7 | SSA def(middle) | main.go:56:17:56:22 | middle |
-| main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | SSA def(middle) |
-| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | SSA def(middle) |
-| main.go:56:2:56:6 | SSA def(outer) | main.go:57:7:57:11 | outer |
-| main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | SSA def(outer) |
-| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | SSA def(outer) |
+| main.go:54:2:54:6 | definition of inner | main.go:55:19:55:23 | inner |
+| main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | definition of inner |
+| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | definition of inner |
+| main.go:55:2:55:7 | definition of middle | main.go:56:17:56:22 | middle |
+| main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | definition of middle |
+| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | definition of middle |
+| main.go:56:2:56:6 | definition of outer | main.go:57:7:57:11 | outer |
+| main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | definition of outer |
+| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | definition of outer |
 | main.go:57:7:57:11 | outer | main.go:58:7:58:11 | outer |
 | main.go:58:7:58:11 | outer | main.go:59:7:59:11 | outer |
 | main.go:59:7:59:11 | outer | main.go:60:7:60:11 | outer |
-| main.go:62:2:62:7 | SSA def(innerp) | main.go:63:20:63:25 | innerp |
-| main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | SSA def(innerp) |
-| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | SSA def(innerp) |
-| main.go:63:2:63:8 | SSA def(middlep) | main.go:64:18:64:24 | middlep |
-| main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | SSA def(middlep) |
-| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | SSA def(middlep) |
-| main.go:64:2:64:7 | SSA def(outerp) | main.go:65:7:65:12 | outerp |
-| main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | SSA def(outerp) |
-| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | SSA def(outerp) |
+| main.go:62:2:62:7 | definition of innerp | main.go:63:20:63:25 | innerp |
+| main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | definition of innerp |
+| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | definition of innerp |
+| main.go:63:2:63:8 | definition of middlep | main.go:64:18:64:24 | middlep |
+| main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | definition of middlep |
+| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | definition of middlep |
+| main.go:64:2:64:7 | definition of outerp | main.go:65:7:65:12 | outerp |
+| main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | definition of outerp |
+| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | definition of outerp |
 | main.go:65:7:65:12 | outerp | main.go:66:7:66:12 | outerp |
 | main.go:66:7:66:12 | outerp | main.go:67:7:67:12 | outerp |
 | main.go:67:7:67:12 | outerp | main.go:68:7:68:12 | outerp |
-| main.go:72:2:72:6 | SSA def(inner) | main.go:73:26:73:30 | inner |
-| main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | SSA def(inner) |
-| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | SSA def(inner) |
-| main.go:73:2:73:7 | SSA def(middle) | main.go:74:25:74:30 | middle |
-| main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | SSA def(middle) |
-| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | SSA def(middle) |
-| main.go:74:2:74:6 | SSA def(outer) | main.go:75:7:75:11 | outer |
-| main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | SSA def(outer) |
-| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | SSA def(outer) |
+| main.go:72:2:72:6 | definition of inner | main.go:73:26:73:30 | inner |
+| main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | definition of inner |
+| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | definition of inner |
+| main.go:73:2:73:7 | definition of middle | main.go:74:25:74:30 | middle |
+| main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | definition of middle |
+| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | definition of middle |
+| main.go:74:2:74:6 | definition of outer | main.go:75:7:75:11 | outer |
+| main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | definition of outer |
+| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | definition of outer |
 | main.go:75:7:75:11 | outer | main.go:76:7:76:11 | outer |
 | main.go:76:7:76:11 | outer | main.go:77:7:77:11 | outer |
 | main.go:77:7:77:11 | outer | main.go:78:7:78:11 | outer |
-| main.go:80:2:80:7 | SSA def(innerp) | main.go:81:27:81:32 | innerp |
-| main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | SSA def(innerp) |
-| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | SSA def(innerp) |
-| main.go:81:2:81:8 | SSA def(middlep) | main.go:82:26:82:32 | middlep |
-| main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | SSA def(middlep) |
-| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | SSA def(middlep) |
-| main.go:82:2:82:7 | SSA def(outerp) | main.go:83:7:83:12 | outerp |
-| main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | SSA def(outerp) |
-| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | SSA def(outerp) |
+| main.go:80:2:80:7 | definition of innerp | main.go:81:27:81:32 | innerp |
+| main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | definition of innerp |
+| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | definition of innerp |
+| main.go:81:2:81:8 | definition of middlep | main.go:82:26:82:32 | middlep |
+| main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | definition of middlep |
+| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | definition of middlep |
+| main.go:82:2:82:7 | definition of outerp | main.go:83:7:83:12 | outerp |
+| main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | definition of outerp |
+| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | definition of outerp |
 | main.go:83:7:83:12 | outerp | main.go:84:7:84:12 | outerp |
 | main.go:84:7:84:12 | outerp | main.go:85:7:85:12 | outerp |
 | main.go:85:7:85:12 | outerp | main.go:86:7:86:12 | outerp |
-| main.go:90:6:90:10 | SSA def(outer) | main.go:91:2:91:6 | outer |
-| main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | SSA def(outer) |
+| main.go:90:6:90:10 | definition of outer | main.go:91:2:91:6 | outer |
+| main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | definition of outer |
 | main.go:91:2:91:6 | outer | main.go:92:7:92:11 | outer |
 | main.go:91:2:91:6 | outer [postupdate] | main.go:92:7:92:11 | outer |
 | main.go:92:7:92:11 | outer | main.go:93:7:93:11 | outer |
 | main.go:93:7:93:11 | outer | main.go:94:7:94:11 | outer |
 | main.go:94:7:94:11 | outer | main.go:95:7:95:11 | outer |
-| main.go:97:6:97:11 | SSA def(outerp) | main.go:98:2:98:7 | outerp |
-| main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | SSA def(outerp) |
+| main.go:97:6:97:11 | definition of outerp | main.go:98:2:98:7 | outerp |
+| main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | definition of outerp |
 | main.go:98:2:98:7 | outerp | main.go:99:7:99:12 | outerp |
 | main.go:98:2:98:7 | outerp [postupdate] | main.go:99:7:99:12 | outerp |
 | main.go:99:7:99:12 | outerp | main.go:100:7:100:12 | outerp |
 | main.go:100:7:100:12 | outerp | main.go:101:7:101:12 | outerp |
 | main.go:101:7:101:12 | outerp | main.go:102:7:102:12 | outerp |
-| main.go:106:6:106:10 | SSA def(outer) | main.go:107:2:107:6 | outer |
-| main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | SSA def(outer) |
+| main.go:106:6:106:10 | definition of outer | main.go:107:2:107:6 | outer |
+| main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | definition of outer |
 | main.go:107:2:107:6 | outer | main.go:108:7:108:11 | outer |
 | main.go:107:2:107:6 | outer [postupdate] | main.go:108:7:108:11 | outer |
 | main.go:108:7:108:11 | outer | main.go:109:7:109:11 | outer |
 | main.go:109:7:109:11 | outer | main.go:110:7:110:11 | outer |
 | main.go:110:7:110:11 | outer | main.go:111:7:111:11 | outer |
-| main.go:113:6:113:11 | SSA def(outerp) | main.go:114:2:114:7 | outerp |
-| main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | SSA def(outerp) |
+| main.go:113:6:113:11 | definition of outerp | main.go:114:2:114:7 | outerp |
+| main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | definition of outerp |
 | main.go:114:2:114:7 | outerp | main.go:115:7:115:12 | outerp |
 | main.go:114:2:114:7 | outerp [postupdate] | main.go:115:7:115:12 | outerp |
 | main.go:115:7:115:12 | outerp | main.go:116:7:116:12 | outerp |
 | main.go:116:7:116:12 | outerp | main.go:117:7:117:12 | outerp |
 | main.go:117:7:117:12 | outerp | main.go:118:7:118:12 | outerp |
-| main.go:122:6:122:10 | SSA def(outer) | main.go:123:2:123:6 | outer |
-| main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | SSA def(outer) |
+| main.go:122:6:122:10 | definition of outer | main.go:123:2:123:6 | outer |
+| main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | definition of outer |
 | main.go:123:2:123:6 | outer | main.go:124:7:124:11 | outer |
 | main.go:123:2:123:6 | outer [postupdate] | main.go:124:7:124:11 | outer |
 | main.go:124:7:124:11 | outer | main.go:125:7:125:11 | outer |
 | main.go:125:7:125:11 | outer | main.go:126:7:126:11 | outer |
 | main.go:126:7:126:11 | outer | main.go:127:7:127:11 | outer |
-| main.go:129:6:129:11 | SSA def(outerp) | main.go:130:2:130:7 | outerp |
-| main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | SSA def(outerp) |
+| main.go:129:6:129:11 | definition of outerp | main.go:130:2:130:7 | outerp |
+| main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | definition of outerp |
 | main.go:130:2:130:7 | outerp | main.go:131:7:131:12 | outerp |
 | main.go:130:2:130:7 | outerp [postupdate] | main.go:131:7:131:12 | outerp |
 | main.go:131:7:131:12 | outerp | main.go:132:7:132:12 | outerp |
 | main.go:132:7:132:12 | outerp | main.go:133:7:133:12 | outerp |
 | main.go:133:7:133:12 | outerp | main.go:134:7:134:12 | outerp |
-| main.go:138:6:138:10 | SSA def(outer) | main.go:139:2:139:6 | outer |
-| main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | SSA def(outer) |
+| main.go:138:6:138:10 | definition of outer | main.go:139:2:139:6 | outer |
+| main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | definition of outer |
 | main.go:139:2:139:6 | outer | main.go:140:7:140:11 | outer |
 | main.go:139:2:139:6 | outer [postupdate] | main.go:140:7:140:11 | outer |
 | main.go:140:7:140:11 | outer | main.go:141:7:141:11 | outer |
 | main.go:141:7:141:11 | outer | main.go:142:7:142:11 | outer |
 | main.go:142:7:142:11 | outer | main.go:143:7:143:11 | outer |
-| main.go:145:6:145:11 | SSA def(outerp) | main.go:146:2:146:7 | outerp |
-| main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | SSA def(outerp) |
+| main.go:145:6:145:11 | definition of outerp | main.go:146:2:146:7 | outerp |
+| main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | definition of outerp |
 | main.go:146:2:146:7 | outerp | main.go:147:7:147:12 | outerp |
 | main.go:146:2:146:7 | outerp [postupdate] | main.go:147:7:147:12 | outerp |
 | main.go:147:7:147:12 | outerp | main.go:148:7:148:12 | outerp |
--- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/DefUse.expected
@@ -1,42 +1,34 @@
-| main.go:15:12:15:12 | x | main.go:13:6:13:6 | SSA def(x) | main.go:13:6:13:6 | x |
-| main.go:15:15:15:15 | y | main.go:14:2:14:2 | SSA def(y) | main.go:14:2:14:2 | y |
-| main.go:17:3:17:3 | y | main.go:14:2:14:2 | SSA def(y) | main.go:14:2:14:2 | y |
-| main.go:19:12:19:12 | x | main.go:13:6:13:6 | SSA def(x) | main.go:13:6:13:6 | x |
-| main.go:19:15:19:15 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y |
-| main.go:21:7:21:7 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y |
-| main.go:23:12:23:12 | x | main.go:23:2:23:10 | SSA phi(x) | main.go:13:6:13:6 | x |
-| main.go:23:15:23:15 | y | main.go:19:2:19:10 | SSA phi(y) | main.go:14:2:14:2 | y |
-| main.go:27:10:27:10 | x | main.go:26:10:26:10 | SSA def(x) | main.go:26:10:26:10 | x |
-| main.go:29:10:29:10 | b | main.go:27:5:27:5 | SSA def(b) | main.go:27:5:27:5 | b |
-| main.go:29:13:29:13 | a | main.go:27:2:27:2 | SSA def(a) | main.go:27:2:27:2 | a |
-| main.go:31:9:31:9 | a | main.go:31:9:31:9 | SSA phi(a) | main.go:27:2:27:2 | a |
-| main.go:31:12:31:12 | b | main.go:31:9:31:9 | SSA phi(b) | main.go:27:5:27:5 | b |
-| main.go:35:3:35:3 | x | main.go:34:11:34:11 | SSA def(x) | main.go:34:11:34:11 | x |
-| main.go:40:10:40:10 | x | main.go:39:2:39:2 | SSA def(x) | main.go:39:2:39:2 | x |
-| main.go:42:8:42:10 | ptr | main.go:40:2:40:4 | SSA def(ptr) | main.go:40:2:40:4 | ptr |
-| main.go:44:12:44:12 | x | main.go:39:2:39:2 | SSA def(x) | main.go:39:2:39:2 | x |
-| main.go:47:13:47:18 | implicit read of result | main.go:48:2:48:7 | SSA def(result) | main.go:47:13:47:18 | result |
-| main.go:52:14:52:19 | implicit read of result | main.go:52:14:52:19 | SSA def(result) | main.go:52:14:52:19 | result |
-| main.go:61:12:61:12 | x | main.go:58:6:58:9 | SSA phi(x) | main.go:57:6:57:6 | x |
-| main.go:64:16:64:16 | i | main.go:65:6:65:9 | SSA phi(i) | main.go:64:6:64:6 | i |
-| main.go:70:12:70:12 | y | main.go:65:6:65:9 | SSA phi(y) | main.go:63:2:63:2 | y |
-| main.go:73:16:73:16 | i | main.go:74:3:74:3 | SSA phi(i) | main.go:73:6:73:6 | i |
-| main.go:79:12:79:12 | z | main.go:74:3:74:3 | SSA def(z) | main.go:72:2:72:2 | z |
-| main.go:82:18:82:18 | implicit read of a | main.go:84:5:84:5 | SSA def(a) | main.go:82:18:82:18 | a |
-| main.go:82:25:82:25 | implicit read of b | main.go:82:25:82:25 | SSA def(b) | main.go:82:25:82:25 | b |
-| main.go:84:9:84:9 | x | main.go:83:2:83:2 | SSA def(x) | main.go:83:2:83:2 | x |
-| main.go:84:15:84:15 | x | main.go:83:2:83:2 | SSA def(x) | main.go:83:2:83:2 | x |
-| main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | SSA def(wrapper) | main.go:95:22:95:28 | wrapper |
-| main.go:100:9:100:9 | x | main.go:97:2:99:3 | SSA def(x) | main.go:96:2:96:2 | x |
-| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | SSA def(wrapper) | main.go:103:20:103:26 | wrapper |
-| main.go:106:8:106:8 | x | main.go:105:16:108:2 | SSA def(x) | main.go:104:2:104:2 | x |
-| main.go:107:7:107:7 | y | main.go:106:3:106:3 | SSA def(y) | main.go:106:3:106:3 | y |
-| main.go:109:9:109:9 | x | main.go:104:2:104:2 | SSA def(x) | main.go:104:2:104:2 | x |
-| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | SSA def(wrapper) | main.go:112:29:112:35 | wrapper |
-| main.go:115:8:115:8 | x | main.go:114:16:117:2 | SSA def(x) | main.go:113:2:113:2 | x |
-| main.go:116:7:116:7 | y | main.go:115:3:115:3 | SSA def(y) | main.go:115:3:115:3 | y |
-| main.go:118:9:118:9 | x | main.go:114:2:117:3 | SSA def(x) | main.go:113:2:113:2 | x |
-| main.go:135:2:135:2 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
-| main.go:137:12:137:12 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
-| main.go:137:17:137:17 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
-| main.go:137:24:137:24 | p | main.go:135:2:135:2 | SSA phi(p) | main.go:128:6:128:6 | p |
+| main.go:15:12:15:12 | x | main.go:13:6:13:6 | definition of x | main.go:13:6:13:6 | x |
+| main.go:15:15:15:15 | y | main.go:14:2:14:2 | definition of y | main.go:14:2:14:2 | y |
+| main.go:17:3:17:3 | y | main.go:14:2:14:2 | definition of y | main.go:14:2:14:2 | y |
+| main.go:19:12:19:12 | x | main.go:13:6:13:6 | definition of x | main.go:13:6:13:6 | x |
+| main.go:19:15:19:15 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y |
+| main.go:21:7:21:7 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y |
+| main.go:23:12:23:12 | x | main.go:23:2:23:10 | x = phi(def@13:6, def@21:3) | main.go:13:6:13:6 | x |
+| main.go:23:15:23:15 | y | main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) | main.go:14:2:14:2 | y |
+| main.go:27:10:27:10 | x | main.go:26:10:26:10 | definition of x | main.go:26:10:26:10 | x |
+| main.go:29:10:29:10 | b | main.go:27:5:27:5 | definition of b | main.go:27:5:27:5 | b |
+| main.go:29:13:29:13 | a | main.go:27:2:27:2 | definition of a | main.go:27:2:27:2 | a |
+| main.go:31:9:31:9 | a | main.go:31:9:31:9 | a = phi(def@27:2, def@29:3) | main.go:27:2:27:2 | a |
+| main.go:31:12:31:12 | b | main.go:31:9:31:9 | b = phi(def@27:5, def@29:6) | main.go:27:5:27:5 | b |
+| main.go:35:3:35:3 | x | main.go:34:11:34:11 | definition of x | main.go:34:11:34:11 | x |
+| main.go:40:10:40:10 | x | main.go:39:2:39:2 | definition of x | main.go:39:2:39:2 | x |
+| main.go:42:8:42:10 | ptr | main.go:40:2:40:4 | definition of ptr | main.go:40:2:40:4 | ptr |
+| main.go:44:12:44:12 | x | main.go:39:2:39:2 | definition of x | main.go:39:2:39:2 | x |
+| main.go:47:13:47:18 | implicit read of result | main.go:48:2:48:7 | definition of result | main.go:47:13:47:18 | result |
+| main.go:52:14:52:19 | implicit read of result | main.go:52:14:52:19 | definition of result | main.go:52:14:52:19 | result |
+| main.go:61:12:61:12 | x | main.go:58:6:58:9 | x = phi(def@57:6, def@59:3) | main.go:57:6:57:6 | x |
+| main.go:64:16:64:16 | i | main.go:65:6:65:9 | i = phi(def@64:16, def@64:6) | main.go:64:6:64:6 | i |
+| main.go:70:12:70:12 | y | main.go:65:6:65:9 | y = phi(def@63:2, def@68:3) | main.go:63:2:63:2 | y |
+| main.go:73:16:73:16 | i | main.go:74:3:74:3 | i = phi(def@73:16, def@73:6) | main.go:73:6:73:6 | i |
+| main.go:79:12:79:12 | z | main.go:74:3:74:3 | definition of z | main.go:72:2:72:2 | z |
+| main.go:82:18:82:18 | implicit read of a | main.go:84:5:84:5 | definition of a | main.go:82:18:82:18 | a |
+| main.go:82:25:82:25 | implicit read of b | main.go:82:25:82:25 | definition of b | main.go:82:25:82:25 | b |
+| main.go:84:9:84:9 | x | main.go:83:2:83:2 | definition of x | main.go:83:2:83:2 | x |
+| main.go:84:15:84:15 | x | main.go:83:2:83:2 | definition of x | main.go:83:2:83:2 | x |
+| main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | definition of wrapper | main.go:95:22:95:28 | wrapper |
+| main.go:100:9:100:9 | x | main.go:97:2:99:3 | capture variable x | main.go:96:2:96:2 | x |
+| main.go:117:2:117:2 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
+| main.go:119:12:119:12 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
+| main.go:119:17:119:17 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
+| main.go:119:24:119:24 | p | main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) | main.go:110:6:110:6 | p |
--- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaDefinition.expected
@@ -1,51 +1,41 @@
-| main.go:13:6:13:6 | SSA def(x) |
-| main.go:14:2:14:2 | SSA def(y) |
-| main.go:17:3:17:3 | SSA def(y) |
-| main.go:19:2:19:10 | SSA phi(y) |
-| main.go:21:3:21:3 | SSA def(x) |
-| main.go:23:2:23:10 | SSA phi(x) |
-| main.go:26:10:26:10 | SSA def(x) |
-| main.go:27:2:27:2 | SSA def(a) |
-| main.go:27:5:27:5 | SSA def(b) |
-| main.go:29:3:29:3 | SSA def(a) |
-| main.go:29:6:29:6 | SSA def(b) |
-| main.go:31:9:31:9 | SSA phi(a) |
-| main.go:31:9:31:9 | SSA phi(b) |
-| main.go:34:11:34:11 | SSA def(x) |
-| main.go:39:2:39:2 | SSA def(x) |
-| main.go:40:2:40:4 | SSA def(ptr) |
-| main.go:48:2:48:7 | SSA def(result) |
-| main.go:52:14:52:19 | SSA def(result) |
-| main.go:57:6:57:6 | SSA def(x) |
-| main.go:58:6:58:9 | SSA phi(x) |
-| main.go:59:3:59:3 | SSA def(x) |
-| main.go:63:2:63:2 | SSA def(y) |
-| main.go:64:6:64:6 | SSA def(i) |
-| main.go:64:16:64:18 | SSA def(i) |
-| main.go:65:6:65:9 | SSA phi(i) |
-| main.go:65:6:65:9 | SSA phi(y) |
-| main.go:68:3:68:3 | SSA def(y) |
-| main.go:73:6:73:6 | SSA def(i) |
-| main.go:73:16:73:18 | SSA def(i) |
-| main.go:74:3:74:3 | SSA def(z) |
-| main.go:74:3:74:3 | SSA phi(i) |
-| main.go:82:25:82:25 | SSA def(b) |
-| main.go:83:2:83:2 | SSA def(x) |
-| main.go:84:5:84:5 | SSA def(a) |
-| main.go:95:22:95:28 | SSA def(wrapper) |
-| main.go:96:2:96:2 | SSA def(x) |
-| main.go:97:2:99:3 | SSA def(x) |
-| main.go:98:3:98:3 | SSA def(x) |
-| main.go:103:20:103:26 | SSA def(wrapper) |
-| main.go:104:2:104:2 | SSA def(x) |
-| main.go:105:16:108:2 | SSA def(x) |
-| main.go:106:3:106:3 | SSA def(y) |
-| main.go:112:29:112:35 | SSA def(wrapper) |
-| main.go:113:2:113:2 | SSA def(x) |
-| main.go:114:2:117:3 | SSA def(x) |
-| main.go:114:16:117:2 | SSA def(x) |
-| main.go:115:3:115:3 | SSA def(y) |
-| main.go:116:3:116:3 | SSA def(x) |
-| main.go:130:3:130:3 | SSA def(p) |
-| main.go:132:3:132:3 | SSA def(p) |
-| main.go:135:2:135:2 | SSA phi(p) |
+| main.go:13:6:13:6 | definition of x |
+| main.go:14:2:14:2 | definition of y |
+| main.go:17:3:17:3 | definition of y |
+| main.go:19:2:19:10 | y = phi(def@14:2, def@17:3) |
+| main.go:21:3:21:3 | definition of x |
+| main.go:23:2:23:10 | x = phi(def@13:6, def@21:3) |
+| main.go:26:10:26:10 | definition of x |
+| main.go:27:2:27:2 | definition of a |
+| main.go:27:5:27:5 | definition of b |
+| main.go:29:3:29:3 | definition of a |
+| main.go:29:6:29:6 | definition of b |
+| main.go:31:9:31:9 | a = phi(def@27:2, def@29:3) |
+| main.go:31:9:31:9 | b = phi(def@27:5, def@29:6) |
+| main.go:34:11:34:11 | definition of x |
+| main.go:39:2:39:2 | definition of x |
+| main.go:40:2:40:4 | definition of ptr |
+| main.go:48:2:48:7 | definition of result |
+| main.go:52:14:52:19 | definition of result |
+| main.go:57:6:57:6 | definition of x |
+| main.go:58:6:58:9 | x = phi(def@57:6, def@59:3) |
+| main.go:59:3:59:3 | definition of x |
+| main.go:63:2:63:2 | definition of y |
+| main.go:64:6:64:6 | definition of i |
+| main.go:64:16:64:18 | definition of i |
+| main.go:65:6:65:9 | i = phi(def@64:16, def@64:6) |
+| main.go:65:6:65:9 | y = phi(def@63:2, def@68:3) |
+| main.go:68:3:68:3 | definition of y |
+| main.go:73:6:73:6 | definition of i |
+| main.go:73:16:73:18 | definition of i |
+| main.go:74:3:74:3 | definition of z |
+| main.go:74:3:74:3 | i = phi(def@73:16, def@73:6) |
+| main.go:82:25:82:25 | definition of b |
+| main.go:83:2:83:2 | definition of x |
+| main.go:84:5:84:5 | definition of a |
+| main.go:95:22:95:28 | definition of wrapper |
+| main.go:96:2:96:2 | definition of x |
+| main.go:97:2:99:3 | capture variable x |
+| main.go:98:3:98:3 | definition of x |
+| main.go:112:3:112:3 | definition of p |
+| main.go:114:3:114:3 | definition of p |
+| main.go:117:2:117:2 | p = phi(def@112:3, def@114:3) |
--- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/SsaWithFields.expected
@@ -1,58 +1,46 @@
-| main.go:13:6:13:6 | (SSA def(x)) | x |
-| main.go:14:2:14:2 | (SSA def(y)) | y |
-| main.go:17:3:17:3 | (SSA def(y)) | y |
-| main.go:19:2:19:10 | (SSA phi(y)) | y |
-| main.go:21:3:21:3 | (SSA def(x)) | x |
-| main.go:23:2:23:10 | (SSA phi(x)) | x |
-| main.go:26:10:26:10 | (SSA def(x)) | x |
-| main.go:27:2:27:2 | (SSA def(a)) | a |
-| main.go:27:5:27:5 | (SSA def(b)) | b |
-| main.go:29:3:29:3 | (SSA def(a)) | a |
-| main.go:29:6:29:6 | (SSA def(b)) | b |
-| main.go:31:9:31:9 | (SSA phi(a)) | a |
-| main.go:31:9:31:9 | (SSA phi(b)) | b |
-| main.go:34:11:34:11 | (SSA def(x)) | x |
-| main.go:39:2:39:2 | (SSA def(x)) | x |
-| main.go:40:2:40:4 | (SSA def(ptr)) | ptr |
-| main.go:48:2:48:7 | (SSA def(result)) | result |
-| main.go:52:14:52:19 | (SSA def(result)) | result |
-| main.go:57:6:57:6 | (SSA def(x)) | x |
-| main.go:58:6:58:9 | (SSA phi(x)) | x |
-| main.go:59:3:59:3 | (SSA def(x)) | x |
-| main.go:63:2:63:2 | (SSA def(y)) | y |
-| main.go:64:6:64:6 | (SSA def(i)) | i |
-| main.go:64:16:64:18 | (SSA def(i)) | i |
-| main.go:65:6:65:9 | (SSA phi(i)) | i |
-| main.go:65:6:65:9 | (SSA phi(y)) | y |
-| main.go:68:3:68:3 | (SSA def(y)) | y |
-| main.go:73:6:73:6 | (SSA def(i)) | i |
-| main.go:73:16:73:18 | (SSA def(i)) | i |
-| main.go:74:3:74:3 | (SSA def(z)) | z |
-| main.go:74:3:74:3 | (SSA phi(i)) | i |
-| main.go:82:25:82:25 | (SSA def(b)) | b |
-| main.go:83:2:83:2 | (SSA def(x)) | x |
-| main.go:84:5:84:5 | (SSA def(a)) | a |
-| main.go:95:22:95:28 | (SSA def(wrapper)) | wrapper |
-| main.go:95:22:95:28 | (SSA def(wrapper)).s | wrapper.s |
-| main.go:96:2:96:2 | (SSA def(x)) | x |
-| main.go:97:2:99:3 | (SSA def(x)) | x |
-| main.go:98:3:98:3 | (SSA def(x)) | x |
-| main.go:103:20:103:26 | (SSA def(wrapper)) | wrapper |
-| main.go:103:20:103:26 | (SSA def(wrapper)).s | wrapper.s |
-| main.go:104:2:104:2 | (SSA def(x)) | x |
-| main.go:105:16:108:2 | (SSA def(x)) | x |
-| main.go:106:3:106:3 | (SSA def(y)) | y |
-| main.go:112:29:112:35 | (SSA def(wrapper)) | wrapper |
-| main.go:112:29:112:35 | (SSA def(wrapper)).s | wrapper.s |
-| main.go:113:2:113:2 | (SSA def(x)) | x |
-| main.go:114:2:117:3 | (SSA def(x)) | x |
-| main.go:114:16:117:2 | (SSA def(x)) | x |
-| main.go:115:3:115:3 | (SSA def(y)) | y |
-| main.go:116:3:116:3 | (SSA def(x)) | x |
-| main.go:130:3:130:3 | (SSA def(p)) | p |
-| main.go:132:3:132:3 | (SSA def(p)) | p |
-| main.go:135:2:135:2 | (SSA phi(p)) | p |
-| main.go:135:2:135:2 | (SSA phi(p)).a | p.a |
-| main.go:135:2:135:2 | (SSA phi(p)).b | p.b |
-| main.go:135:2:135:2 | (SSA phi(p)).b.a | p.b.a |
-| main.go:135:2:135:2 | (SSA phi(p)).c | p.c |
+| main.go:13:6:13:6 | (def@13:6) | x |
+| main.go:14:2:14:2 | (def@14:2) | y |
+| main.go:17:3:17:3 | (def@17:3) | y |
+| main.go:19:2:19:10 | (phi@19:2) | y |
+| main.go:21:3:21:3 | (def@21:3) | x |
+| main.go:23:2:23:10 | (phi@23:2) | x |
+| main.go:26:10:26:10 | (def@26:10) | x |
+| main.go:27:2:27:2 | (def@27:2) | a |
+| main.go:27:5:27:5 | (def@27:5) | b |
+| main.go:29:3:29:3 | (def@29:3) | a |
+| main.go:29:6:29:6 | (def@29:6) | b |
+| main.go:31:9:31:9 | (phi@31:9) | a |
+| main.go:31:9:31:9 | (phi@31:9) | b |
+| main.go:34:11:34:11 | (def@34:11) | x |
+| main.go:39:2:39:2 | (def@39:2) | x |
+| main.go:40:2:40:4 | (def@40:2) | ptr |
+| main.go:48:2:48:7 | (def@48:2) | result |
+| main.go:52:14:52:19 | (def@52:14) | result |
+| main.go:57:6:57:6 | (def@57:6) | x |
+| main.go:58:6:58:9 | (phi@58:6) | x |
+| main.go:59:3:59:3 | (def@59:3) | x |
+| main.go:63:2:63:2 | (def@63:2) | y |
+| main.go:64:6:64:6 | (def@64:6) | i |
+| main.go:64:16:64:18 | (def@64:16) | i |
+| main.go:65:6:65:9 | (phi@65:6) | i |
+| main.go:65:6:65:9 | (phi@65:6) | y |
+| main.go:68:3:68:3 | (def@68:3) | y |
+| main.go:73:6:73:6 | (def@73:6) | i |
+| main.go:73:16:73:18 | (def@73:16) | i |
+| main.go:74:3:74:3 | (def@74:3) | z |
+| main.go:74:3:74:3 | (phi@74:3) | i |
+| main.go:82:25:82:25 | (def@82:25) | b |
+| main.go:83:2:83:2 | (def@83:2) | x |
+| main.go:84:5:84:5 | (def@84:5) | a |
+| main.go:95:22:95:28 | (def@95:22) | wrapper |
+| main.go:95:22:95:28 | (def@95:22).s | wrapper.s |
+| main.go:96:2:96:2 | (def@96:2) | x |
+| main.go:97:2:99:3 | (capture@97:2) | x |
+| main.go:98:3:98:3 | (def@98:3) | x |
+| main.go:112:3:112:3 | (def@112:3) | p |
+| main.go:114:3:114:3 | (def@114:3) | p |
+| main.go:117:2:117:2 | (phi@117:2) | p |
+| main.go:117:2:117:2 | (phi@117:2).a | p.a |
+| main.go:117:2:117:2 | (phi@117:2).b | p.b |
+| main.go:117:2:117:2 | (phi@117:2).b.a | p.b.a |
+| main.go:117:2:117:2 | (phi@117:2).c | p.c |
--- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected
@@ -32,23 +32,16 @@
 | main.go:95:22:95:28 | initialization of wrapper | main.go:95:22:95:28 | wrapper | main.go:95:22:95:28 | argument corresponding to wrapper |
 | main.go:96:2:96:2 | assignment to x | main.go:96:2:96:2 | x | main.go:96:7:96:7 | 0 |
 | main.go:98:3:98:3 | assignment to x | main.go:96:2:96:2 | x | main.go:98:7:98:7 | 1 |
-| main.go:103:20:103:26 | initialization of wrapper | main.go:103:20:103:26 | wrapper | main.go:103:20:103:26 | argument corresponding to wrapper |
-| main.go:104:2:104:2 | assignment to x | main.go:104:2:104:2 | x | main.go:104:7:104:7 | 0 |
-| main.go:106:3:106:3 | assignment to y | main.go:106:3:106:3 | y | main.go:106:8:106:8 | x |
-| main.go:112:29:112:35 | initialization of wrapper | main.go:112:29:112:35 | wrapper | main.go:112:29:112:35 | argument corresponding to wrapper |
-| main.go:113:2:113:2 | assignment to x | main.go:113:2:113:2 | x | main.go:113:7:113:7 | 0 |
-| main.go:115:3:115:3 | assignment to y | main.go:115:3:115:3 | y | main.go:115:8:115:12 | ...+... |
-| main.go:116:3:116:3 | assignment to x | main.go:113:2:113:2 | x | main.go:116:7:116:7 | y |
-| main.go:128:6:128:6 | assignment to p | main.go:128:6:128:6 | p | main.go:128:6:128:6 | zero value for p |
-| main.go:130:3:130:3 | assignment to p | main.go:128:6:128:6 | p | main.go:130:7:130:24 | struct literal |
-| main.go:130:9:130:9 | init of 2 | main.go:122:2:122:2 | a | main.go:130:9:130:9 | 2 |
-| main.go:130:12:130:18 | init of struct literal | main.go:123:2:123:2 | b | main.go:130:12:130:18 | struct literal |
-| main.go:130:14:130:14 | init of 1 | main.go:89:2:89:2 | a | main.go:130:14:130:14 | 1 |
-| main.go:130:17:130:17 | init of 5 | main.go:90:2:90:2 | b | main.go:130:17:130:17 | 5 |
-| main.go:130:21:130:23 | init of 'n' | main.go:124:2:124:2 | c | main.go:130:21:130:23 | 'n' |
-| main.go:132:3:132:3 | assignment to p | main.go:128:6:128:6 | p | main.go:132:7:132:24 | struct literal |
-| main.go:132:9:132:9 | init of 3 | main.go:122:2:122:2 | a | main.go:132:9:132:9 | 3 |
-| main.go:132:12:132:18 | init of struct literal | main.go:123:2:123:2 | b | main.go:132:12:132:18 | struct literal |
-| main.go:132:14:132:14 | init of 4 | main.go:89:2:89:2 | a | main.go:132:14:132:14 | 4 |
-| main.go:132:17:132:17 | init of 5 | main.go:90:2:90:2 | b | main.go:132:17:132:17 | 5 |
-| main.go:132:21:132:23 | init of '2' | main.go:124:2:124:2 | c | main.go:132:21:132:23 | '2' |
+| main.go:110:6:110:6 | assignment to p | main.go:110:6:110:6 | p | main.go:110:6:110:6 | zero value for p |
+| main.go:112:3:112:3 | assignment to p | main.go:110:6:110:6 | p | main.go:112:7:112:24 | struct literal |
+| main.go:112:9:112:9 | init of 2 | main.go:104:2:104:2 | a | main.go:112:9:112:9 | 2 |
+| main.go:112:12:112:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:112:12:112:18 | struct literal |
+| main.go:112:14:112:14 | init of 1 | main.go:89:2:89:2 | a | main.go:112:14:112:14 | 1 |
+| main.go:112:17:112:17 | init of 5 | main.go:90:2:90:2 | b | main.go:112:17:112:17 | 5 |
+| main.go:112:21:112:23 | init of 'n' | main.go:106:2:106:2 | c | main.go:112:21:112:23 | 'n' |
+| main.go:114:3:114:3 | assignment to p | main.go:110:6:110:6 | p | main.go:114:7:114:24 | struct literal |
+| main.go:114:9:114:9 | init of 3 | main.go:104:2:104:2 | a | main.go:114:9:114:9 | 3 |
+| main.go:114:12:114:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:114:12:114:18 | struct literal |
+| main.go:114:14:114:14 | init of 4 | main.go:89:2:89:2 | a | main.go:114:14:114:14 | 4 |
+| main.go:114:17:114:17 | init of 5 | main.go:90:2:90:2 | b | main.go:114:17:114:17 | 5 |
+| main.go:114:21:114:23 | init of '2' | main.go:106:2:106:2 | c | main.go:114:21:114:23 | '2' |
--- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarUses.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/VarUses.expected
@@ -28,29 +28,13 @@
 | main.go:84:15:84:15 | x | main.go:83:2:83:2 | x |
 | main.go:97:2:97:8 | wrapper | main.go:95:22:95:28 | wrapper |
 | main.go:97:2:97:10 | selection of s | main.go:95:38:95:38 | s |
-| main.go:97:2:97:10 | selection of s | main.go:103:36:103:36 | s |
-| main.go:97:2:97:10 | selection of s | main.go:112:45:112:45 | s |
 | main.go:100:9:100:9 | x | main.go:96:2:96:2 | x |
-| main.go:105:2:105:8 | wrapper | main.go:103:20:103:26 | wrapper |
-| main.go:105:2:105:10 | selection of s | main.go:95:38:95:38 | s |
-| main.go:105:2:105:10 | selection of s | main.go:103:36:103:36 | s |
-| main.go:105:2:105:10 | selection of s | main.go:112:45:112:45 | s |
-| main.go:106:8:106:8 | x | main.go:104:2:104:2 | x |
-| main.go:107:7:107:7 | y | main.go:106:3:106:3 | y |
-| main.go:109:9:109:9 | x | main.go:104:2:104:2 | x |
-| main.go:114:2:114:8 | wrapper | main.go:112:29:112:35 | wrapper |
-| main.go:114:2:114:10 | selection of s | main.go:95:38:95:38 | s |
-| main.go:114:2:114:10 | selection of s | main.go:103:36:103:36 | s |
-| main.go:114:2:114:10 | selection of s | main.go:112:45:112:45 | s |
-| main.go:115:8:115:8 | x | main.go:113:2:113:2 | x |
-| main.go:116:7:116:7 | y | main.go:115:3:115:3 | y |
-| main.go:118:9:118:9 | x | main.go:113:2:113:2 | x |
-| main.go:135:2:135:2 | p | main.go:128:6:128:6 | p |
-| main.go:135:2:135:4 | selection of b | main.go:123:2:123:2 | b |
-| main.go:137:12:137:12 | p | main.go:128:6:128:6 | p |
-| main.go:137:12:137:14 | selection of a | main.go:122:2:122:2 | a |
-| main.go:137:17:137:17 | p | main.go:128:6:128:6 | p |
-| main.go:137:17:137:19 | selection of b | main.go:123:2:123:2 | b |
-| main.go:137:17:137:21 | selection of a | main.go:89:2:89:2 | a |
-| main.go:137:24:137:24 | p | main.go:128:6:128:6 | p |
-| main.go:137:24:137:26 | selection of c | main.go:124:2:124:2 | c |
+| main.go:117:2:117:2 | p | main.go:110:6:110:6 | p |
+| main.go:117:2:117:4 | selection of b | main.go:105:2:105:2 | b |
+| main.go:119:12:119:12 | p | main.go:110:6:110:6 | p |
+| main.go:119:12:119:14 | selection of a | main.go:104:2:104:2 | a |
+| main.go:119:17:119:17 | p | main.go:110:6:110:6 | p |
+| main.go:119:17:119:19 | selection of b | main.go:105:2:105:2 | b |
+| main.go:119:17:119:21 | selection of a | main.go:89:2:89:2 | a |
+| main.go:119:24:119:24 | p | main.go:110:6:110:6 | p |
+| main.go:119:24:119:26 | selection of c | main.go:106:2:106:2 | c |
--- a/go/ql/test/library-tests/semmle/go/dataflow/SSA/main.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/main.go
@@ -100,24 +100,6 @@ func updateInClosure(wrapper struct{ s }) int {
 	return x
 }

-func readInClosure(wrapper struct{ s }) int {
-	x := 0
-	wrapper.s.foo(func() {
-		y := x
-		_ = y
-	})
-	return x
-}
-
-func readAndUpdateInClosure(wrapper struct{ s }) int {
-	x := 0
-	wrapper.s.foo(func() {
-		y := x + 1
-		x = y
-	})
-	return x
-}
-
 type t struct {
 	a int
 	b s
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected
@@ -1,73 +1,73 @@
 #select
-| test.go:154:14:154:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:155:17:155:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:156:14:156:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:157:18:157:25 | password | test.go:153:17:153:24 | SSA def(password) | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:158:14:158:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:159:13:159:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:160:22:160:29 | password | test.go:153:17:153:24 | SSA def(password) | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:161:15:161:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:162:14:162:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:163:13:163:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:164:16:164:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:165:13:165:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:166:16:166:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:167:13:167:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:168:17:168:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:169:13:169:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:170:12:170:19 | password | test.go:153:17:153:24 | SSA def(password) | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:171:21:171:28 | password | test.go:153:17:153:24 | SSA def(password) | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:172:14:172:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:173:13:173:20 | password | test.go:153:17:153:24 | SSA def(password) | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:174:12:174:19 | password | test.go:153:17:153:24 | SSA def(password) | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:175:15:175:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:176:15:176:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:177:18:177:25 | password | test.go:153:17:153:24 | SSA def(password) | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:178:15:178:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:179:19:179:26 | password | test.go:153:17:153:24 | SSA def(password) | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:180:15:180:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:181:14:181:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:182:23:182:30 | password | test.go:153:17:153:24 | SSA def(password) | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:183:16:183:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:184:15:184:22 | password | test.go:153:17:153:24 | SSA def(password) | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:185:14:185:21 | password | test.go:153:17:153:24 | SSA def(password) | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:186:17:186:24 | password | test.go:153:17:153:24 | SSA def(password) | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
-| test.go:187:16:187:23 | password | test.go:153:17:153:24 | SSA def(password) | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | SSA def(password) | Sensitive data returned by an access to password |
+| test.go:154:14:154:21 | password | test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:155:17:155:24 | password | test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:156:14:156:21 | password | test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:157:18:157:25 | password | test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:158:14:158:21 | password | test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:159:13:159:20 | password | test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:160:22:160:29 | password | test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:161:15:161:22 | password | test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:162:14:162:21 | password | test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:163:13:163:20 | password | test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:164:16:164:23 | password | test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:165:13:165:20 | password | test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:166:16:166:23 | password | test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:167:13:167:20 | password | test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:168:17:168:24 | password | test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:169:13:169:20 | password | test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:170:12:170:19 | password | test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:171:21:171:28 | password | test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:172:14:172:21 | password | test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:173:13:173:20 | password | test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:174:12:174:19 | password | test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:175:15:175:22 | password | test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:176:15:176:22 | password | test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:177:18:177:25 | password | test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:178:15:178:22 | password | test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:179:19:179:26 | password | test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:180:15:180:22 | password | test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:181:14:181:21 | password | test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:182:23:182:30 | password | test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:183:16:183:23 | password | test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:184:15:184:22 | password | test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:185:14:185:21 | password | test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:186:17:186:24 | password | test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
+| test.go:187:16:187:23 | password | test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
 edges
-| test.go:153:17:153:24 | SSA def(password) | test.go:154:14:154:21 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:155:17:155:24 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:156:14:156:21 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:157:18:157:25 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:158:14:158:21 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:159:13:159:20 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:160:22:160:29 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:161:15:161:22 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:162:14:162:21 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:163:13:163:20 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:164:16:164:23 | password | provenance |  |
-| test.go:153:17:153:24 | SSA def(password) | test.go:165:13:165:20 | password | provenance | Sink:MaD:1 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:166:16:166:23 | password | provenance | Sink:MaD:2 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:167:13:167:20 | password | provenance | Sink:MaD:3 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:168:17:168:24 | password | provenance | Sink:MaD:4 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:169:13:169:20 | password | provenance | Sink:MaD:5 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:170:12:170:19 | password | provenance | Sink:MaD:6 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:171:21:171:28 | password | provenance | Sink:MaD:7 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:172:14:172:21 | password | provenance | Sink:MaD:8 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:173:13:173:20 | password | provenance | Sink:MaD:9 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:174:12:174:19 | password | provenance | Sink:MaD:10 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:175:15:175:22 | password | provenance | Sink:MaD:11 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:176:15:176:22 | password | provenance | Sink:MaD:12 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:177:18:177:25 | password | provenance | Sink:MaD:13 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:178:15:178:22 | password | provenance | Sink:MaD:14 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:179:19:179:26 | password | provenance | Sink:MaD:15 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:180:15:180:22 | password | provenance | Sink:MaD:16 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:181:14:181:21 | password | provenance | Sink:MaD:17 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:182:23:182:30 | password | provenance | Sink:MaD:18 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:183:16:183:23 | password | provenance | Sink:MaD:19 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:184:15:184:22 | password | provenance | Sink:MaD:20 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:185:14:185:21 | password | provenance | Sink:MaD:21 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:186:17:186:24 | password | provenance | Sink:MaD:22 |
-| test.go:153:17:153:24 | SSA def(password) | test.go:187:16:187:23 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | provenance |  |
+| test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | provenance | Sink:MaD:1 |
+| test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | provenance | Sink:MaD:2 |
+| test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | provenance | Sink:MaD:3 |
+| test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | provenance | Sink:MaD:4 |
+| test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | provenance | Sink:MaD:5 |
+| test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | provenance | Sink:MaD:6 |
+| test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | provenance | Sink:MaD:7 |
+| test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | provenance | Sink:MaD:8 |
+| test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | provenance | Sink:MaD:9 |
+| test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | provenance | Sink:MaD:10 |
+| test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | provenance | Sink:MaD:11 |
+| test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | provenance | Sink:MaD:12 |
+| test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | provenance | Sink:MaD:13 |
+| test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | provenance | Sink:MaD:14 |
+| test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | provenance | Sink:MaD:15 |
+| test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | provenance | Sink:MaD:16 |
+| test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | provenance | Sink:MaD:17 |
+| test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | provenance | Sink:MaD:18 |
+| test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | provenance | Sink:MaD:19 |
+| test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | provenance | Sink:MaD:20 |
+| test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | provenance | Sink:MaD:21 |
+| test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | provenance | Sink:MaD:22 |
+| test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | provenance |  |
 models
 | 1 | Sink: group:beego-logs; ; false; Alert; ; ; Argument[0..1]; log-injection; manual |
 | 2 | Sink: group:beego-logs; ; false; Critical; ; ; Argument[0..1]; log-injection; manual |
@@ -92,7 +92,7 @@ models
 | 21 | Sink: group:beego-logs; BeeLogger; true; Warn; ; ; Argument[0..1]; log-injection; manual |
 | 22 | Sink: group:beego-logs; BeeLogger; true; Warning; ; ; Argument[0..1]; log-injection; manual |
 nodes
-| test.go:153:17:153:24 | SSA def(password) | semmle.label | SSA def(password) |
+| test.go:153:17:153:24 | definition of password | semmle.label | definition of password |
 | test.go:154:14:154:21 | password | semmle.label | password |
 | test.go:155:17:155:24 | password | semmle.label | password |
 | test.go:156:14:156:21 | password | semmle.label | password |
--- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE-089/SqlInjection.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE-079/StoredXss.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/test.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/test.go
@@ -8,61 +8,61 @@ import (

 // BAD: using untrusted data in SQL queries
 func testDbMethods(bdb *orm.DB, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
+	untrusted := untrustedSource.UserAgent() // $ Source[go/sql-injection]

-	bdb.Exec(untrusted)                 // $ querystring=untrusted
-	bdb.ExecContext(nil, untrusted)     // $ querystring=untrusted
-	bdb.Prepare(untrusted)              // $ querystring=untrusted
-	bdb.PrepareContext(nil, untrusted)  // $ querystring=untrusted
-	bdb.Query(untrusted)                // $ querystring=untrusted
-	bdb.QueryContext(nil, untrusted)    // $ querystring=untrusted
-	bdb.QueryRow(untrusted)             // $ querystring=untrusted
-	bdb.QueryRowContext(nil, untrusted) // $ querystring=untrusted
+	bdb.Exec(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.ExecContext(nil, untrusted)     // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.Prepare(untrusted)              // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.PrepareContext(nil, untrusted)  // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.Query(untrusted)                // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.QueryContext(nil, untrusted)    // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.QueryRow(untrusted)             // $ querystring=untrusted Alert[go/sql-injection]
+	bdb.QueryRowContext(nil, untrusted) // $ querystring=untrusted Alert[go/sql-injection]
 }

 // BAD: using untrusted data to build SQL queries (QueryBuilder does not sanitize its arguments)
 func testQueryBuilderMethods(qb orm.QueryBuilder, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
-	untrusted2 := untrustedSource.UserAgent()
+	untrusted := untrustedSource.UserAgent()  // $ Source[go/sql-injection]
+	untrusted2 := untrustedSource.UserAgent() // $ Source[go/sql-injection]

-	qb.Select(untrusted)                 // $ querystring=untrusted
-	qb.From(untrusted)                   // $ querystring=untrusted
-	qb.InnerJoin(untrusted)              // $ querystring=untrusted
-	qb.LeftJoin(untrusted)               // $ querystring=untrusted
-	qb.RightJoin(untrusted)              // $ querystring=untrusted
-	qb.On(untrusted)                     // $ querystring=untrusted
-	qb.Where(untrusted)                  // $ querystring=untrusted
-	qb.And(untrusted)                    // $ querystring=untrusted
-	qb.Or(untrusted)                     // $ querystring=untrusted
-	qb.In(untrusted)                     // $ querystring=untrusted
-	qb.OrderBy(untrusted)                // $ querystring=untrusted
-	qb.GroupBy(untrusted)                // $ querystring=untrusted
-	qb.Having(untrusted)                 // $ querystring=untrusted
-	qb.Update(untrusted)                 // $ querystring=untrusted
-	qb.Set(untrusted)                    // $ querystring=untrusted
-	qb.Delete(untrusted)                 // $ querystring=untrusted
-	qb.InsertInto(untrusted, untrusted2) // $ querystring=untrusted querystring=untrusted2
-	qb.Values(untrusted)                 // $ querystring=untrusted
-	qb.Subquery(untrusted, untrusted2)   // $ querystring=untrusted querystring=untrusted2
+	qb.Select(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.From(untrusted)                   // $ querystring=untrusted Alert[go/sql-injection]
+	qb.InnerJoin(untrusted)              // $ querystring=untrusted Alert[go/sql-injection]
+	qb.LeftJoin(untrusted)               // $ querystring=untrusted Alert[go/sql-injection]
+	qb.RightJoin(untrusted)              // $ querystring=untrusted Alert[go/sql-injection]
+	qb.On(untrusted)                     // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Where(untrusted)                  // $ querystring=untrusted Alert[go/sql-injection]
+	qb.And(untrusted)                    // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Or(untrusted)                     // $ querystring=untrusted Alert[go/sql-injection]
+	qb.In(untrusted)                     // $ querystring=untrusted Alert[go/sql-injection]
+	qb.OrderBy(untrusted)                // $ querystring=untrusted Alert[go/sql-injection]
+	qb.GroupBy(untrusted)                // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Having(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Update(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Set(untrusted)                    // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Delete(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.InsertInto(untrusted, untrusted2) // $ querystring=untrusted querystring=untrusted2 Alert[go/sql-injection]
+	qb.Values(untrusted)                 // $ querystring=untrusted Alert[go/sql-injection]
+	qb.Subquery(untrusted, untrusted2)   // $ querystring=untrusted querystring=untrusted2 Alert[go/sql-injection]
 }

 func testOrmerRaw(ormer orm.Ormer, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
+	untrusted := untrustedSource.UserAgent() // $ Source[go/sql-injection]
 	untrusted2 := untrustedSource.UserAgent()
-	ormer.Raw(untrusted, untrusted2)                    // $ querystring=untrusted         // BAD: using an untrusted string as a query
+	ormer.Raw(untrusted, untrusted2)                    // $ querystring=untrusted Alert[go/sql-injection] // BAD: using an untrusted string as a query
 	ormer.Raw("FROM ? SELECT ?", untrusted, untrusted2) // $ querystring="FROM ? SELECT ?" // GOOD: untrusted string used in argument context
 }

 func testFilterRaw(querySeter orm.QuerySeter, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
-	querySeter.FilterRaw(untrusted, "safe") // $ querystring="safe"    // GOOD: untrusted used as a column name
-	querySeter.FilterRaw("safe", untrusted) // $ querystring=untrusted // BAD: untrusted used as a SQL fragment
+	untrusted := untrustedSource.UserAgent() // $ Source[go/sql-injection]
+	querySeter.FilterRaw(untrusted, "safe")  // $ querystring="safe"    // GOOD: untrusted used as a column name
+	querySeter.FilterRaw("safe", untrusted)  // $ querystring=untrusted Alert[go/sql-injection] // BAD: untrusted used as a SQL fragment
 }

 func testConditionRaw(cond orm.Condition, untrustedSource *http.Request) {
-	untrusted := untrustedSource.UserAgent()
-	cond.Raw(untrusted, "safe") // $ querystring="safe"    // GOOD: untrusted used as a column name
-	cond.Raw("safe", untrusted) // $ querystring=untrusted // BAD: untrusted used as a SQL fragment
+	untrusted := untrustedSource.UserAgent() // $ Source[go/sql-injection]
+	cond.Raw(untrusted, "safe")              // $ querystring="safe"    // GOOD: untrusted used as a column name
+	cond.Raw("safe", untrusted)              // $ querystring=untrusted Alert[go/sql-injection] // BAD: untrusted used as a SQL fragment
 }

 type SubStruct struct {
@@ -77,90 +77,90 @@ type MyStruct struct {
 // BAD: (possible stored XSS) retrieving data from a database then writing to an HTTP response
 func testOrmerReads(ormer orm.Ormer, sink http.ResponseWriter) {
 	obj := MyStruct{}
-	ormer.Read(&obj)
-	sink.Write([]byte(obj.field))
-	sink.Write([]byte(obj.substructs[0].field))
+	ormer.Read(&obj)                            // $ Source[go/stored-xss]
+	sink.Write([]byte(obj.field))               // $ Alert[go/stored-xss]
+	sink.Write([]byte(obj.substructs[0].field)) // $ Alert[go/stored-xss]

 	obj2 := MyStruct{}
-	ormer.ReadForUpdate(&obj2)
-	sink.Write([]byte(obj2.field))
+	ormer.ReadForUpdate(&obj2)     // $ Source[go/stored-xss]
+	sink.Write([]byte(obj2.field)) // $ Alert[go/stored-xss]

 	obj3 := MyStruct{}
-	ormer.ReadOrCreate(&obj3, "arg")
-	sink.Write([]byte(obj3.field))
+	ormer.ReadOrCreate(&obj3, "arg") // $ Source[go/stored-xss]
+	sink.Write([]byte(obj3.field))   // $ Alert[go/stored-xss]
 }

 // BAD: (possible stored XSS) retrieving data from a database then writing to an HTTP response
 func testFieldReads(textField *orm.TextField, jsonField *orm.JSONField, jsonbField *orm.JsonbField, sink http.ResponseWriter) {
-	sink.Write([]byte(textField.Value()))
-	sink.Write([]byte(textField.RawValue().(string)))
-	sink.Write([]byte(textField.String()))
-	sink.Write([]byte(jsonField.Value()))
-	sink.Write([]byte(jsonField.RawValue().(string)))
-	sink.Write([]byte(jsonField.String()))
-	sink.Write([]byte(jsonbField.Value()))
-	sink.Write([]byte(jsonbField.RawValue().(string)))
-	sink.Write([]byte(jsonbField.String()))
+	sink.Write([]byte(textField.Value()))              // $ Alert[go/stored-xss]
+	sink.Write([]byte(textField.RawValue().(string)))  // $ Alert[go/stored-xss]
+	sink.Write([]byte(textField.String()))             // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonField.Value()))              // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonField.RawValue().(string)))  // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonField.String()))             // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonbField.Value()))             // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonbField.RawValue().(string))) // $ Alert[go/stored-xss]
+	sink.Write([]byte(jsonbField.String()))            // $ Alert[go/stored-xss]
 }

 // BAD: (possible stored XSS) retrieving data from a database then writing to an HTTP response
 func testQuerySeterReads(qs orm.QuerySeter, sink http.ResponseWriter) {
 	var objs []*MyStruct
-	qs.All(&objs)
-	sink.Write([]byte(objs[0].field))
+	qs.All(&objs)                     // $ Source[go/stored-xss]
+	sink.Write([]byte(objs[0].field)) // $ Alert[go/stored-xss]

 	var obj MyStruct
-	qs.One(&obj)
-	sink.Write([]byte(obj.field))
+	qs.One(&obj)                  // $ Source[go/stored-xss]
+	sink.Write([]byte(obj.field)) // $ Alert[go/stored-xss]

 	var allMaps []orm.Params
-	qs.Values(&allMaps)
-	sink.Write([]byte(allMaps[0]["field"].(string)))
+	qs.Values(&allMaps)                              // $ Source[go/stored-xss]
+	sink.Write([]byte(allMaps[0]["field"].(string))) // $ Alert[go/stored-xss]

 	var allLists []orm.ParamsList
-	qs.ValuesList(&allLists)
-	sink.Write([]byte(allLists[0][0].(string)))
+	qs.ValuesList(&allLists)                    // $ Source[go/stored-xss]
+	sink.Write([]byte(allLists[0][0].(string))) // $ Alert[go/stored-xss]

 	var oneList orm.ParamsList
-	qs.ValuesFlat(&oneList, "colname")
-	sink.Write([]byte(oneList[0].(string)))
+	qs.ValuesFlat(&oneList, "colname")      // $ Source[go/stored-xss]
+	sink.Write([]byte(oneList[0].(string))) // $ Alert[go/stored-xss]

 	var oneRowMap orm.Params
-	qs.RowsToMap(&oneRowMap, "key", "value")
-	sink.Write([]byte(oneRowMap["field"].(string)))
+	qs.RowsToMap(&oneRowMap, "key", "value")        // $ Source[go/stored-xss]
+	sink.Write([]byte(oneRowMap["field"].(string))) // $ Alert[go/stored-xss]

 	var oneRowStruct MyStruct
-	qs.RowsToStruct(&oneRowStruct, "key", "value")
-	sink.Write([]byte(oneRowStruct.field))
+	qs.RowsToStruct(&oneRowStruct, "key", "value") // $ Source[go/stored-xss]
+	sink.Write([]byte(oneRowStruct.field))         // $ Alert[go/stored-xss]
 }

 // BAD: (possible stored XSS) retrieving data from a database then writing to an HTTP response
 func testRawSeterReads(rs orm.RawSeter, sink http.ResponseWriter) {
 	var allMaps []orm.Params
-	rs.Values(&allMaps)
-	sink.Write([]byte(allMaps[0]["field"].(string)))
+	rs.Values(&allMaps)                              // $ Source[go/stored-xss]
+	sink.Write([]byte(allMaps[0]["field"].(string))) // $ Alert[go/stored-xss]

 	var allLists []orm.ParamsList
-	rs.ValuesList(&allLists)
-	sink.Write([]byte(allLists[0][0].(string)))
+	rs.ValuesList(&allLists)                    // $ Source[go/stored-xss]
+	sink.Write([]byte(allLists[0][0].(string))) // $ Alert[go/stored-xss]

 	var oneList orm.ParamsList
-	rs.ValuesFlat(&oneList, "colname")
-	sink.Write([]byte(oneList[0].(string)))
+	rs.ValuesFlat(&oneList, "colname")      // $ Source[go/stored-xss]
+	sink.Write([]byte(oneList[0].(string))) // $ Alert[go/stored-xss]

 	var oneRowMap orm.Params
-	rs.RowsToMap(&oneRowMap, "key", "value")
-	sink.Write([]byte(oneRowMap["field"].(string)))
+	rs.RowsToMap(&oneRowMap, "key", "value")        // $ Source[go/stored-xss]
+	sink.Write([]byte(oneRowMap["field"].(string))) // $ Alert[go/stored-xss]

 	var oneRowStruct MyStruct
-	rs.RowsToStruct(&oneRowStruct, "key", "value")
-	sink.Write([]byte(oneRowStruct.field))
+	rs.RowsToStruct(&oneRowStruct, "key", "value") // $ Source[go/stored-xss]
+	sink.Write([]byte(oneRowStruct.field))         // $ Alert[go/stored-xss]

 	var strField string
-	rs.QueryRow(&strField)
-	sink.Write([]byte(strField))
+	rs.QueryRow(&strField)       // $ Source[go/stored-xss]
+	sink.Write([]byte(strField)) // $ Alert[go/stored-xss]

 	var strFields []string
-	rs.QueryRows(&strFields)
-	sink.Write([]byte(strFields[0]))
+	rs.QueryRows(&strFields)         // $ Source[go/stored-xss]
+	sink.Write([]byte(strFields[0])) // $ Alert[go/stored-xss]
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE-079/ReflectedXss.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/Chi/test.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Chi/test.go
@@ -10,7 +10,7 @@ var hidden string

 func hideUserData(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		hidden = r.URL.Path
+		hidden = r.URL.Path // $ Source
 		next.ServeHTTP(w, r)
 	})
 }
@@ -18,10 +18,10 @@ func hideUserData(next http.Handler) http.Handler {
 func main() {
 	r := chi.NewRouter()
 	r.With(hideUserData).Get("/", func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte(hidden))
-		w.Write([]byte(chi.URLParam(r, "someParam")))
-		w.Write([]byte(chi.URLParamFromCtx(r.Context(), "someKey")))
-		w.Write([]byte(chi.RouteContext(r.Context()).URLParam("someOtherKey")))
+		w.Write([]byte(hidden))                                                 // $ Alert
+		w.Write([]byte(chi.URLParam(r, "someParam")))                           // $ Alert
+		w.Write([]byte(chi.URLParamFromCtx(r.Context(), "someKey")))            // $ Alert
+		w.Write([]byte(chi.RouteContext(r.Context()).URLParam("someOtherKey"))) // $ Alert
 	})
 	http.ListenAndServe(":3000", r)
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE-601/OpenUrlRedirect.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE-079/ReflectedXss.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE-022/TaintedPath.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go
@@ -12,81 +12,81 @@ import (
 // All are XSS vulnerabilities, except as specifically noted.

 func testParam(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.HTML(200, param)
+	param := ctx.Param("someParam") // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)            // $ Alert[go/reflected-xss]
 	return nil
 }

 func testParamValues(ctx echo.Context) error {
-	param := ctx.ParamValues()[0]
-	ctx.HTML(200, param)
+	param := ctx.ParamValues()[0] // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)          // $ Alert[go/reflected-xss]
 	return nil
 }

 func testQueryParam(ctx echo.Context) error {
-	param := ctx.QueryParam("someParam")
-	ctx.HTML(200, param)
+	param := ctx.QueryParam("someParam") // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)                 // $ Alert[go/reflected-xss]
 	return nil
 }

 func testQueryParams(ctx echo.Context) error {
-	param := ctx.QueryParams()["someParam"][0]
-	ctx.HTML(200, param)
+	param := ctx.QueryParams()["someParam"][0] // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)                       // $ Alert[go/reflected-xss]
 	return nil
 }

 func testQueryString(ctx echo.Context) error {
-	qstr := ctx.QueryString()
-	ctx.HTML(200, qstr)
+	qstr := ctx.QueryString() // $ Source[go/reflected-xss]
+	ctx.HTML(200, qstr)       // $ Alert[go/reflected-xss]
 	return nil
 }

 func testFormValue(ctx echo.Context) error {
-	val := ctx.FormValue("someField")
-	ctx.HTML(200, val)
+	val := ctx.FormValue("someField") // $ Source[go/reflected-xss]
+	ctx.HTML(200, val)                // $ Alert[go/reflected-xss]
 	return nil
 }

 func testFormParams(ctx echo.Context) error {
-	params, _ := ctx.FormParams()
-	ctx.HTML(200, params["someField"][0])
+	params, _ := ctx.FormParams()         // $ Source[go/reflected-xss]
+	ctx.HTML(200, params["someField"][0]) // $ Alert[go/reflected-xss]
 	return nil
 }

 func testFormFile(ctx echo.Context) error {
-	fileHeader, _ := ctx.FormFile("someFilename")
+	fileHeader, _ := ctx.FormFile("someFilename") // $ Source[go/reflected-xss]
 	file, _ := fileHeader.Open()
 	buffer := make([]byte, 100)
 	file.Read(buffer)
-	ctx.HTMLBlob(200, buffer)
+	ctx.HTMLBlob(200, buffer) // $ Alert[go/reflected-xss]
 	return nil
 }

 func testMultipartFormValue(ctx echo.Context) error {
-	form, _ := ctx.MultipartForm()
-	ctx.HTML(200, form.Value["someField"][0])
+	form, _ := ctx.MultipartForm()            // $ Source[go/reflected-xss]
+	ctx.HTML(200, form.Value["someField"][0]) // $ Alert[go/reflected-xss]
 	return nil
 }

 func testMultipartFormFile(ctx echo.Context) error {
-	form, _ := ctx.MultipartForm()
+	form, _ := ctx.MultipartForm() // $ Source[go/reflected-xss]
 	fileHeader := form.File["someFilename"][0]
 	file, _ := fileHeader.Open()
 	buffer := make([]byte, 100)
 	file.Read(buffer)
-	ctx.HTMLBlob(200, buffer)
+	ctx.HTMLBlob(200, buffer) // $ Alert[go/reflected-xss]
 	return nil
 }

 func testCookie(ctx echo.Context) error {
-	val, _ := ctx.Cookie("someKey")
-	ctx.HTML(200, val.Value)
+	val, _ := ctx.Cookie("someKey") // $ Source[go/reflected-xss]
+	ctx.HTML(200, val.Value)        // $ Alert[go/reflected-xss]
 	return nil
 }

 func testCookies(ctx echo.Context) error {
-	cookies := ctx.Cookies()
-	ctx.HTML(200, cookies[0].Value)
+	cookies := ctx.Cookies()        // $ Source[go/reflected-xss]
+	ctx.HTML(200, cookies[0].Value) // $ Alert[go/reflected-xss]
 	return nil
 }

@@ -96,8 +96,8 @@ type myStruct struct {

 func testBind(ctx echo.Context) error {
 	data := myStruct{}
-	ctx.Bind(&data)
-	ctx.HTML(200, data.s)
+	ctx.Bind(&data)       // $ Source[go/reflected-xss]
+	ctx.HTML(200, data.s) // $ Alert[go/reflected-xss]
 	return nil
 }

@@ -110,8 +110,8 @@ func testGetSetEmpty(ctx echo.Context) error {
 }

 func testGetSet(ctx echo.Context) error {
-	ctx.Set("someKey", ctx.Param("someParam"))
-	ctx.HTML(200, ctx.Get("someKey").(string)) // BAD, the context is tainted
+	ctx.Set("someKey", ctx.Param("someParam")) // $ Source[go/reflected-xss]
+	ctx.HTML(200, ctx.Get("someKey").(string)) // $ Alert[go/reflected-xss] // BAD, the context is tainted
 	return nil
 }

@@ -121,20 +121,20 @@ func testGetSet(ctx echo.Context) error {
 // All are XSS vulnerabilities, except as specifically noted.

 func testHTML(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.HTML(200, param)
+	param := ctx.Param("someParam") // $ Source[go/reflected-xss]
+	ctx.HTML(200, param)            // $ Alert[go/reflected-xss]
 	return nil
 }

 func testHTMLBlob(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.HTMLBlob(200, []byte(param))
+	param := ctx.Param("someParam")  // $ Source[go/reflected-xss]
+	ctx.HTMLBlob(200, []byte(param)) // $ Alert[go/reflected-xss]
 	return nil
 }

 func testBlob(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.Blob(200, "text/html", []byte(param)) // BAD, the content-type is HTML
+	param := ctx.Param("someParam")           // $ Source[go/reflected-xss]
+	ctx.Blob(200, "text/html", []byte(param)) // $ Alert[go/reflected-xss] // BAD, the content-type is HTML
 	return nil
 }

@@ -145,9 +145,9 @@ func testBlobSafe(ctx echo.Context) error {
 }

 func testStream(ctx echo.Context) error {
-	param := ctx.Param("someParam")
+	param := ctx.Param("someParam") // $ Source[go/reflected-xss]
 	reader := strings.NewReader(param)
-	ctx.Stream(200, "text/html", reader) // BAD, the content-type is HTML
+	ctx.Stream(200, "text/html", reader) // $ Alert[go/reflected-xss] // BAD, the content-type is HTML
 	return nil
 }

@@ -161,28 +161,28 @@ func testStreamSafe(ctx echo.Context) error {
 // Section: testing output methods defined on Response (XSS vulnerability)

 func testResponseWrite(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.Response().Write([]byte(param))
+	param := ctx.Param("someParam")     // $ Source[go/reflected-xss]
+	ctx.Response().Write([]byte(param)) // $ Alert[go/reflected-xss]
 	return nil
 }

 // Section: test detecting an open redirect using the Context.Redirect function:

 func testRedirect(ctx echo.Context) error {
-	param := ctx.Param("someParam")
-	ctx.Redirect(301, param)
+	param := ctx.Param("someParam") // $ Source[go/unvalidated-url-redirection]
+	ctx.Redirect(301, param)        // $ Alert[go/unvalidated-url-redirection]
 	return nil
 }

 func testLocalRedirects(ctx echo.Context) error {
-	param := ctx.Param("someParam")
+	param := ctx.Param("someParam") // $ Source[go/unvalidated-url-redirection]
 	param2 := param
 	param3 := param
 	// Gratuitous copy because sanitization of uses propagates to subsequent uses
 	// GOOD: local redirects are unproblematic
 	ctx.Redirect(301, "/local"+param)
 	// BAD: this could be a non-local redirect
-	ctx.Redirect(301, "/"+param2)
+	ctx.Redirect(301, "/"+param2) // $ Alert[go/unvalidated-url-redirection]
 	// GOOD: localhost redirects are unproblematic
 	ctx.Redirect(301, "//localhost/"+param3)
 	return nil
@@ -221,12 +221,12 @@ func testNonExploitableFields(ctx echo.Context) error {
 func fsOpsTest() {
 	e := echo.New()
 	e.GET("/", func(c echo.Context) error {
-		filepath := c.QueryParam("filePath")
-		return c.File(filepath) // $ FileSystemAccess=filepath
+		filepath := c.QueryParam("filePath") // $ Source[go/path-injection]
+		return c.File(filepath)              // $ FileSystemAccess=filepath Alert[go/path-injection]
 	})
 	e.GET("/attachment", func(c echo.Context) error {
-		filepath := c.QueryParam("filePath")
-		return c.Attachment(filepath, "file name in response") // $ FileSystemAccess=filepath
+		filepath := c.QueryParam("filePath")                   // $ Source[go/path-injection]
+		return c.Attachment(filepath, "file name in response") // $ FileSystemAccess=filepath Alert[go/path-injection]
 	})
 	_ = e.Start(":1323")
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/GoKit/main.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/GoKit/main.go
@@ -12,12 +12,12 @@ type MyService interface {
 }

 func makeEndpointLit(svc MyService) endpoint.Endpoint {
-	return func(_ context.Context, request interface{}) (interface{}, error) { // $ source="SSA def(request)"
+	return func(_ context.Context, request interface{}) (interface{}, error) { // $ source="definition of request"
 		return request, nil
 	}
 }

-func endpointfn(_ context.Context, request interface{}) (interface{}, error) { // $ source="SSA def(request)"
+func endpointfn(_ context.Context, request interface{}) (interface{}, error) { // $ source="definition of request"
 	return request, nil
 }

--- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected
@@ -1,8 +1,8 @@
+#select
+| main.go:21:28:21:31 | name | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | definition of req | user-provided value |
 edges
-| main.go:18:46:18:48 | SSA def(req) | main.go:21:28:21:31 | name | provenance |  |
+| main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance |  |
 nodes
-| main.go:18:46:18:48 | SSA def(req) | semmle.label | SSA def(req) |
+| main.go:18:46:18:48 | definition of req | semmle.label | definition of req |
 | main.go:21:28:21:31 | name | semmle.label | name |
 subpaths
-#select
-| main.go:21:28:21:31 | name | main.go:18:46:18:48 | SSA def(req) | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | SSA def(req) | user-provided value |
--- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.qlref
@@ -1 +1,2 @@
-Security/CWE-117/LogInjection.ql
+query: Security/CWE-117/LogInjection.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/main.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/main.go
@@ -15,10 +15,10 @@ import (

 type Greeter struct{}

-func (g *Greeter) Hello(ctx context.Context, req *pb.Request, rsp *pb.Response) error { // $ serverRequest="SSA def(req)"
+func (g *Greeter) Hello(ctx context.Context, req *pb.Request, rsp *pb.Response) error { // $ serverRequest="definition of req" Source
 	// var access
 	name := req.Name
-	fmt.Println("Name :: %s", name)
+	fmt.Println("Name :: %s", name) // $ Alert
 	return nil
 }

--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/CONSISTENCY/DataFlowConsistency.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/CONSISTENCY/DataFlowConsistency.expected
@@ -1,28 +1,28 @@
 reverseRead
-| EndToEnd.go:30:35:30:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:30:35:30:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:36:18:36:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:36:18:36:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:44:18:44:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:44:18:44:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:51:20:51:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:51:20:51:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:58:18:58:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:58:18:58:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:64:26:64:26 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:64:26:64:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:69:22:69:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:69:22:69:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:74:22:74:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:74:22:74:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:79:35:79:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:79:35:79:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:84:22:84:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:84:22:84:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:89:21:89:21 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:89:21:89:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:94:20:94:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
-| EndToEnd.go:94:20:94:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:31:35:31:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:31:35:31:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:37:18:37:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:37:18:37:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:45:18:45:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:45:18:45:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:52:20:52:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:52:20:52:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:59:18:59:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:59:18:59:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:65:26:65:26 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:65:26:65:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:70:22:70:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:70:22:70:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:75:22:75:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:75:22:75:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:80:35:80:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:80:35:80:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:85:22:85:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:85:22:85:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:90:21:90:21 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:90:21:90:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:95:20:95:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
+| EndToEnd.go:95:20:95:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
 | Revel.go:26:7:26:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
 | Revel.go:27:7:27:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. |
 | Revel.go:27:7:27:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/EndToEnd.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/EndToEnd.go
@@ -3,10 +3,11 @@ package main
 import (
 	"bytes"
 	"errors"
-	staticControllers "github.com/revel/modules/static/app/controllers"
-	"github.com/revel/revel"
 	"os"
 	"time"
+
+	staticControllers "github.com/revel/modules/static/app/controllers"
+	"github.com/revel/revel"
 )

 // Use typical inheritence pattern, per github.com/revel/examples/booking:
@@ -33,8 +34,8 @@ func (c MyRoute) Handler1() revel.Result {
 func (c MyRoute) Handler2() revel.Result {
 	// BAD: the RenderBinary function copies an `io.Reader` to the user's browser.
 	buf := &bytes.Buffer{}
-	buf.WriteString(c.Params.Form.Get("someField"))
-	return c.RenderBinary(buf, "index.html", revel.Inline, time.Now()) // $ responsebody='buf'
+	buf.WriteString(c.Params.Form.Get("someField"))                    // $ Source[go/reflected-xss]
+	return c.RenderBinary(buf, "index.html", revel.Inline, time.Now()) // $ responsebody='buf' Alert[go/reflected-xss]
 }

 func (c MyRoute) Handler3() revel.Result {
@@ -55,18 +56,18 @@ func (c MyRoute) Handler4() revel.Result {
 func (c MyRoute) Handler5() revel.Result {
 	// BAD: returning an arbitrary file (but this is detected at the os.Open call, not
 	// due to modelling Revel)
-	f, _ := os.Open(c.Params.Form.Get("someField"))
+	f, _ := os.Open(c.Params.Form.Get("someField")) // $ Alert[go/path-injection]
 	return c.RenderFile(f, revel.Inline)
 }

 func (c MyRoute) Handler6() revel.Result {
 	// BAD: returning an arbitrary file (detected as a user-controlled file-op, not XSS)
-	return c.RenderFileName(c.Params.Form.Get("someField"), revel.Inline)
+	return c.RenderFileName(c.Params.Form.Get("someField"), revel.Inline) // $ Alert[go/path-injection]
 }

 func (c MyRoute) Handler7() revel.Result {
 	// BAD: straightforward XSS
-	return c.RenderHTML(c.Params.Form.Get("someField")) // $ responsebody='call to Get'
+	return c.RenderHTML(c.Params.Form.Get("someField")) // $ responsebody='call to Get' Alert[go/reflected-xss]
 }

 func (c MyRoute) Handler8() revel.Result {
@@ -91,5 +92,5 @@ func (c MyRoute) Handler11() revel.Result {

 func (c MyRoute) Handler12() revel.Result {
 	// BAD: open redirect
-	return c.Redirect(c.Params.Form.Get("someField"))
+	return c.Redirect(c.Params.Form.Get("someField")) // $ Alert[go/unvalidated-url-redirection]
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
@@ -1,19 +1,19 @@
 #select
-| EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value |
+| EndToEnd.go:95:20:95:49 | call to Get | EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:95:20:95:27 | selection of Params | user-provided value |
 edges
-| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | provenance | Config |
-| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
-| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:2 Config |
-| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:2 Config |
-| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Config |
-| EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config Sink:MaD:1 |
+| EndToEnd.go:95:20:95:27 | implicit dereference | EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | provenance | Config |
+| EndToEnd.go:95:20:95:27 | implicit dereference | EndToEnd.go:95:20:95:32 | selection of Form | provenance | Config |
+| EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:27 | implicit dereference | provenance | Src:MaD:2 Config |
+| EndToEnd.go:95:20:95:27 | selection of Params | EndToEnd.go:95:20:95:32 | selection of Form | provenance | Src:MaD:2 Config |
+| EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | EndToEnd.go:95:20:95:27 | implicit dereference | provenance | Config |
+| EndToEnd.go:95:20:95:32 | selection of Form | EndToEnd.go:95:20:95:49 | call to Get | provenance | Config Sink:MaD:1 |
 models
 | 1 | Sink: group:revel; Controller; true; Redirect; ; ; Argument[0]; url-redirection; manual |
 | 2 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 nodes
-| EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
-| EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |
-| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | semmle.label | selection of Params [postupdate] |
-| EndToEnd.go:94:20:94:32 | selection of Form | semmle.label | selection of Form |
-| EndToEnd.go:94:20:94:49 | call to Get | semmle.label | call to Get |
+| EndToEnd.go:95:20:95:27 | implicit dereference | semmle.label | implicit dereference |
+| EndToEnd.go:95:20:95:27 | selection of Params | semmle.label | selection of Params |
+| EndToEnd.go:95:20:95:27 | selection of Params [postupdate] | semmle.label | selection of Params [postupdate] |
+| EndToEnd.go:95:20:95:32 | selection of Form | semmle.label | selection of Form |
+| EndToEnd.go:95:20:95:49 | call to Get | semmle.label | call to Get |
 subpaths
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE-601/OpenUrlRedirect.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
@@ -1,16 +1,16 @@
 #select
-| EndToEnd.go:37:24:37:26 | buf | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:37:24:37:26 | buf | Cross-site scripting vulnerability due to $@. | EndToEnd.go:36:18:36:25 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go |  |
-| EndToEnd.go:69:22:69:51 | call to Get | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:51 | call to Get | Cross-site scripting vulnerability due to $@. | EndToEnd.go:69:22:69:29 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go |  |
+| EndToEnd.go:38:24:38:26 | buf | EndToEnd.go:37:18:37:25 | selection of Params | EndToEnd.go:38:24:38:26 | buf | Cross-site scripting vulnerability due to $@. | EndToEnd.go:37:18:37:25 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go |  |
+| EndToEnd.go:70:22:70:51 | call to Get | EndToEnd.go:70:22:70:29 | selection of Params | EndToEnd.go:70:22:70:51 | call to Get | Cross-site scripting vulnerability due to $@. | EndToEnd.go:70:22:70:29 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go |  |
 | Revel.go:70:22:70:35 | selection of Query | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | Cross-site scripting vulnerability due to $@. The value is $@. | Revel.go:70:22:70:29 | selection of Params | user-provided value | views/myAppController/rawRead.html:1:1:2:9 | {{raw .Foo}}\n{{.Bar}}\n | instantiated as a raw template |
 | examples/booking/app/init.go:36:44:36:53 | selection of Path | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:36:44:36:48 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go |  |
 | examples/booking/app/init.go:40:49:40:58 | selection of Path | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:40:49:40:53 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go |  |
 edges
-| EndToEnd.go:36:2:36:4 | buf [postupdate] | EndToEnd.go:37:24:37:26 | buf | provenance |  |
-| EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | Src:MaD:1  |
-| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:4 |
-| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:36:2:36:4 | buf [postupdate] | provenance | MaD:3 |
-| EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | Src:MaD:1  |
-| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:4 |
+| EndToEnd.go:37:2:37:4 | buf [postupdate] | EndToEnd.go:38:24:38:26 | buf | provenance |  |
+| EndToEnd.go:37:18:37:25 | selection of Params | EndToEnd.go:37:18:37:30 | selection of Form | provenance | Src:MaD:1  |
+| EndToEnd.go:37:18:37:30 | selection of Form | EndToEnd.go:37:18:37:47 | call to Get | provenance | MaD:4 |
+| EndToEnd.go:37:18:37:47 | call to Get | EndToEnd.go:37:2:37:4 | buf [postupdate] | provenance | MaD:3 |
+| EndToEnd.go:70:22:70:29 | selection of Params | EndToEnd.go:70:22:70:34 | selection of Form | provenance | Src:MaD:1  |
+| EndToEnd.go:70:22:70:34 | selection of Form | EndToEnd.go:70:22:70:51 | call to Get | provenance | MaD:4 |
 | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | Src:MaD:1  |
 | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | Src:MaD:2  |
 | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | Src:MaD:2  |
@@ -20,14 +20,14 @@ models
 | 3 | Summary: io; StringWriter; true; WriteString; ; ; Argument[0]; Argument[receiver]; taint; manual |
 | 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
 nodes
-| EndToEnd.go:36:2:36:4 | buf [postupdate] | semmle.label | buf [postupdate] |
-| EndToEnd.go:36:18:36:25 | selection of Params | semmle.label | selection of Params |
-| EndToEnd.go:36:18:36:30 | selection of Form | semmle.label | selection of Form |
-| EndToEnd.go:36:18:36:47 | call to Get | semmle.label | call to Get |
-| EndToEnd.go:37:24:37:26 | buf | semmle.label | buf |
-| EndToEnd.go:69:22:69:29 | selection of Params | semmle.label | selection of Params |
-| EndToEnd.go:69:22:69:34 | selection of Form | semmle.label | selection of Form |
-| EndToEnd.go:69:22:69:51 | call to Get | semmle.label | call to Get |
+| EndToEnd.go:37:2:37:4 | buf [postupdate] | semmle.label | buf [postupdate] |
+| EndToEnd.go:37:18:37:25 | selection of Params | semmle.label | selection of Params |
+| EndToEnd.go:37:18:37:30 | selection of Form | semmle.label | selection of Form |
+| EndToEnd.go:37:18:37:47 | call to Get | semmle.label | call to Get |
+| EndToEnd.go:38:24:38:26 | buf | semmle.label | buf |
+| EndToEnd.go:70:22:70:29 | selection of Params | semmle.label | selection of Params |
+| EndToEnd.go:70:22:70:34 | selection of Form | semmle.label | selection of Form |
+| EndToEnd.go:70:22:70:51 | call to Get | semmle.label | call to Get |
 | Revel.go:70:22:70:29 | selection of Params | semmle.label | selection of Params |
 | Revel.go:70:22:70:35 | selection of Query | semmle.label | selection of Query |
 | examples/booking/app/init.go:36:44:36:48 | selection of URL | semmle.label | selection of URL |
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE-079/ReflectedXss.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/Revel.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/Revel.go
@@ -67,7 +67,7 @@ func (c myAppController) accessingParamsJSONIsUnsafe() {
 func (c myAppController) rawRead() { // $ responsebody='argument corresponding to c'
 	c.ViewArgs["Foo"] = "<p>raw HTML</p>" // $ responsebody='"<p>raw HTML</p>"'
 	c.ViewArgs["Bar"] = "<p>not raw HTML</p>"
-	c.ViewArgs["Foo"] = c.Params.Query // $ responsebody='selection of Query'
+	c.ViewArgs["Foo"] = c.Params.Query // $ responsebody='selection of Query' Alert[go/reflected-xss]
 	c.Render()
 }

--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
@@ -1,21 +1,21 @@
 #select
-| EndToEnd.go:58:18:58:47 | call to Get | EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:47 | call to Get | This path depends on a $@. | EndToEnd.go:58:18:58:25 | selection of Params | user-provided value |
-| EndToEnd.go:64:26:64:55 | call to Get | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:55 | call to Get | This path depends on a $@. | EndToEnd.go:64:26:64:33 | selection of Params | user-provided value |
+| EndToEnd.go:59:18:59:47 | call to Get | EndToEnd.go:59:18:59:25 | selection of Params | EndToEnd.go:59:18:59:47 | call to Get | This path depends on a $@. | EndToEnd.go:59:18:59:25 | selection of Params | user-provided value |
+| EndToEnd.go:65:26:65:55 | call to Get | EndToEnd.go:65:26:65:33 | selection of Params | EndToEnd.go:65:26:65:55 | call to Get | This path depends on a $@. | EndToEnd.go:65:26:65:33 | selection of Params | user-provided value |
 edges
-| EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:30 | selection of Form | provenance | Src:MaD:3  |
-| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:4 Sink:MaD:2 |
-| EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | Src:MaD:3  |
-| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:4 Sink:MaD:1 |
+| EndToEnd.go:59:18:59:25 | selection of Params | EndToEnd.go:59:18:59:30 | selection of Form | provenance | Src:MaD:3  |
+| EndToEnd.go:59:18:59:30 | selection of Form | EndToEnd.go:59:18:59:47 | call to Get | provenance | MaD:4 Sink:MaD:2 |
+| EndToEnd.go:65:26:65:33 | selection of Params | EndToEnd.go:65:26:65:38 | selection of Form | provenance | Src:MaD:3  |
+| EndToEnd.go:65:26:65:38 | selection of Form | EndToEnd.go:65:26:65:55 | call to Get | provenance | MaD:4 Sink:MaD:1 |
 models
 | 1 | Sink: group:revel; Controller; true; RenderFileName; ; ; Argument[0]; path-injection; manual |
 | 2 | Sink: os; ; false; Open; ; ; Argument[0]; path-injection; manual |
 | 3 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 | 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
 nodes
-| EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params |
-| EndToEnd.go:58:18:58:30 | selection of Form | semmle.label | selection of Form |
-| EndToEnd.go:58:18:58:47 | call to Get | semmle.label | call to Get |
-| EndToEnd.go:64:26:64:33 | selection of Params | semmle.label | selection of Params |
-| EndToEnd.go:64:26:64:38 | selection of Form | semmle.label | selection of Form |
-| EndToEnd.go:64:26:64:55 | call to Get | semmle.label | call to Get |
+| EndToEnd.go:59:18:59:25 | selection of Params | semmle.label | selection of Params |
+| EndToEnd.go:59:18:59:30 | selection of Form | semmle.label | selection of Form |
+| EndToEnd.go:59:18:59:47 | call to Get | semmle.label | call to Get |
+| EndToEnd.go:65:26:65:33 | selection of Params | semmle.label | selection of Params |
+| EndToEnd.go:65:26:65:38 | selection of Form | semmle.label | selection of Form |
+| EndToEnd.go:65:26:65:55 | call to Get | semmle.label | call to Get |
 subpaths
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.qlref
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.qlref
@@ -1,2 +1,4 @@
 query: Security/CWE-022/TaintedPath.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/examples/booking/app/init.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/examples/booking/app/init.go
@@ -33,11 +33,11 @@ func init() {
 		switch event {
 		case revel.ENGINE_BEFORE_INITIALIZED:
 			revel.AddHTTPMux("/this/is/a/test", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				fmt.Fprintln(w, "Hi there, it worked", r.URL.Path) // $ responsebody='selection of Path' responsebody='"Hi there, it worked"'
+				fmt.Fprintln(w, "Hi there, it worked", r.URL.Path) // $ responsebody='selection of Path' responsebody='"Hi there, it worked"' Alert[go/reflected-xss]
 				w.WriteHeader(200)
 			}))
 			revel.AddHTTPMux("/this/is/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				fmt.Fprintln(w, "Hi there, shorter prefix", r.URL.Path) // $ responsebody='selection of Path' responsebody='"Hi there, shorter prefix"'
+				fmt.Fprintln(w, "Hi there, shorter prefix", r.URL.Path) // $ responsebody='selection of Path' responsebody='"Hi there, shorter prefix"' Alert[go/reflected-xss]
 				w.WriteHeader(200)
 			}))
 		}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
copilot-swe-agent[bot]	49df5bda0d	Initial plan	2026-06-11 22:22:51 +00:00
Asger F	ad18659373	Merge pull request #21796 from mattcosta7/patch-1 Add UseMemoDirective and UseNoMemoDirective classes	2026-06-11 23:01:29 +02:00
Matthew Costabile	923fe2dcb9	Merge branch 'main' into patch-1	2026-06-11 15:19:58 -04:00
Jeroen Ketema	642259cd51	Merge pull request #21968 from jketema/jketema/namequalifiers C++: Fix `NameQualifyingElement` db inconsistency	2026-06-11 15:11:51 +02:00
Owen Mansel-Chan	0d984588f9	Merge pull request #21965 from owen-mc/go/convert-to-inline-expectation-tests Go: convert all qlref tests to inline expectation tests using postprocessing	2026-06-11 13:27:06 +01:00
Owen Mansel-Chan	b4a9689341	Convert .qlref test to inline expectations	2026-06-11 07:15:54 +02:00
Owen Mansel-Chan	6a8e20a0c8	Fix pre-existing whitespace issues in go test files	2026-06-11 07:15:09 +02:00
Owen Mansel-Chan	4c411bbcb5	Convert hand-rolled inline expectations test	2026-06-11 07:13:48 +02:00
Asger F	b60bf8c79f	Merge pull request #21950 from tonghuaroot/experimental-ssrf-ipv6-transition-js Add experimental query: SSRF host guard missing IPv6-transition unwrap (CWE-918/CWE-1389)	2026-06-10 21:42:54 +02:00
Jeroen Ketema	ef00aa2567	C++: Add upgrade and downgrade scripts	2026-06-10 14:38:15 +02:00
Jeroen Ketema	6d0968744b	C++: Fix `NameQualifyingElement` db inconsistency	2026-06-10 14:35:36 +02:00
Jeroen Ketema	98f147556a	C++: Add namequalifier test with inconsistency While where the remove the file restriction in QL.	2026-06-10 14:27:56 +02:00
tonghuaroot (童话)	4c1a0058bf	Add SsrfIpv6TransitionIncompleteGuard.ql to not_included_in_qls.expected Fix the JS integration test failure flagged in review by listing the new experimental CWE-918 query in the expected not-included-in-qls suite, in sorted order.	2026-06-10 08:42:42 +08:00
Tom Hvitved	f5919875b7	Merge pull request #21941 from hvitved/python/content-approx Python: Implement `ContentApprox`	2026-06-09 15:46:04 +02:00
Tom Hvitved	cc1ea25856	Python: Implement `ContentApprox`	2026-06-08 08:41:28 +02:00
tonghuaroot	e93bc11f6f	Add experimental JS query for SSRF guards missing IPv6-transition unwrap Add javascript/ssrf-ipv6-transition-incomplete-guard, an experimental @kind problem query that flags hand-rolled SSRF host guards which reject private/loopback IPv4 ranges but never unwrap IPv6-transition forms (IPv4-mapped ::ffff:, NAT64 64:ff9b::, 6to4 2002::). Such guards can be bypassed by wrapping an internal IPv4 address in a transition literal. Includes a .qhelp with good/bad examples, a change note, and a test pack with two true-positive fixtures (private-ip package guard and a hand-written RFC 1918 denylist) and two negative-control fixtures (ipaddr.js range classifier and an explicit ::ffff: unwrap). Signed-off-by: tonghuaroot <23011166+tonghuaroot@users.noreply.github.com>	2026-06-06 21:47:24 +08:00
Matthew Costabile	2884428b62	Merge branch 'main' into patch-1	2026-05-26 07:16:24 -04:00
Matthew Costabile	e10750b35e	Merge branch 'main' into patch-1	2026-05-05 22:09:09 -04:00
Matthew Costabile	18550039f2	Update KnownDirective.expected	2026-05-05 11:06:40 -04:00
Matthew Costabile	0caa483925	change note and test	2026-05-05 13:20:39 +00:00
Matthew Costabile	640b17ec78	Add UseMemoDirective and UseNoMemoDirective classes	2026-05-05 07:41:36 -04:00